Release v1.0.11 - Add dev mode with test prompt button on all headers

- Add Dev Mode toggle to settings that persists in vault metadata
- Add test permission prompt button (✨) to all page headers when dev mode enabled
- Move devMode and onTestPrompt to NavComponent base class for inheritance
- Refactor all home components to extend NavComponent
- Simplify permission prompt layout: remove duplicate domain from header
- Convert permission descriptions to flowing single paragraphs
- Update header-buttons styling for consistent lock/magic button layout

Files modified:
- projects/common/src/lib/common/nav-component.ts (devMode, onTestPrompt)
- projects/common/src/lib/services/storage/types.ts (devMode property)
- projects/common/src/lib/services/storage/signer-meta-handler.ts (setDevMode)
- projects/common/src/lib/styles/_common.scss (header-buttons styling)
- projects/*/src/app/components/home/*/settings.component.* (dev mode UI)
- projects/*/src/app/components/home/*/*.component.* (extend NavComponent)
- projects/*/public/prompt.html (simplified layout)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

package.json

@@ -1,12 +1,12 @@
 {
   "name": "plebeian-signer",
-  "version": "v1.0.9",
+  "version": "v1.0.11",
   "custom": {
     "chrome": {
-      "version": "v1.0.9"
+      "version": "v1.0.11"
     },
     "firefox": {
-      "version": "v1.0.9"
+      "version": "v1.0.11"
     }
   },
   "scripts": {

projects/chrome/custom-webpack.config.ts

@@ -22,5 +22,9 @@ module.exports = {
       import: 'src/options.ts',
       runtime: false,
     },
+    unlock: {
+      import: 'src/unlock.ts',
+      runtime: false,
+    },
   },
 } as Configuration;

projects/chrome/public/manifest.json

@@ -2,7 +2,7 @@
   "manifest_version": 3,
   "name": "Plebeian Signer - Nostr Identity Manager & Signer",
   "description": "Manage and switch between multiple identities while interacting with Nostr apps",
-  "version": "1.0.9",
+  "version": "1.0.11",
   "homepage_url": "https://github.com/PlebeianApp/plebeian-signer",
   "options_page": "options.html",
   "permissions": [

projects/chrome/public/prompt.html

@@ -27,11 +27,66 @@
       .page {
         height: 100%;
         display: grid;
-        grid-template-rows: 1fr 60px;
+        grid-template-rows: 1fr auto;
         grid-template-columns: 1fr;
         overflow-y: hidden;
       }
 
+      .actions {
+        display: flex;
+        flex-direction: column;
+        gap: 8px;
+        padding: var(--size);
+        background: var(--background);
+      }
+
+      .action-row {
+        display: flex;
+        align-items: center;
+        gap: 8px;
+      }
+
+      .action-label {
+        width: 60px;
+        font-size: 13px;
+        font-weight: 500;
+        color: var(--muted-foreground);
+      }
+
+      .action-buttons {
+        display: flex;
+        gap: 8px;
+        flex: 1;
+      }
+
+      .action-buttons button {
+        flex: 1;
+        padding: 8px 12px;
+        border-radius: 6px;
+        font-size: 13px;
+        font-weight: 500;
+        cursor: pointer;
+        border: none;
+      }
+
+      .btn-reject {
+        background: var(--muted);
+        color: var(--foreground);
+      }
+
+      .btn-reject:hover {
+        background: var(--border);
+      }
+
+      .btn-accept {
+        background: var(--primary);
+        color: var(--primary-foreground);
+      }
+
+      .btn-accept:hover {
+        opacity: 0.9;
+      }
+
       .card {
         padding: var(--size);
         background: var(--background-light);
@@ -54,6 +109,12 @@
         font-size: 12px;
         color: gray;
       }
+
+      .description {
+        margin: 0;
+        text-align: center;
+        line-height: 1.5;
+      }
     </style>
   </head>
   <body>
@@ -63,64 +124,31 @@
           <span id="titleSpan" style="font-weight: 400 !important"></span>
         </div>
 
-        <span
-          class="host-INSERT sam-align-self-center sam-text-muted"
-          style="font-weight: 500"
-        ></span>
-
         <!-- Card for getPublicKey -->
         <div id="cardGetPublicKey" class="card sam-mt sam-ml sam-mr">
-          <span style="text-align: center">
-            <b><span class="host-INSERT color-primary"></span></b>
-            is requesting permission to<br />
-            <br />
-            <b class="color-primary">read your public key</b> <br />
-            <br />
-            <span>
-              for the selected identity
-              <span
-                style="font-weight: 500"
-                class="nick-INSERT color-primary"
-              ></span>
-            </span>
-          </span>
+          <p class="description">
+            <b class="host-INSERT color-primary"></b> is requesting permission to
+            <b class="color-primary">read your public key</b> for the selected identity
+            <b class="nick-INSERT color-primary"></b>.
+          </p>
         </div>
 
         <!-- Card for getRelays -->
         <div id="cardGetRelays" class="card sam-mt sam-ml sam-mr">
-          <span style="text-align: center">
-            <b><span class="host-INSERT color-primary"></span></b>
-            is requesting permission to<br />
-            <br />
-            <b class="color-primary">read your relays</b> <br />
-            <br />
-            <span>
-              for the selected identity
-              <span
-                style="font-weight: 500"
-                class="nick-INSERT color-primary"
-              ></span>
-            </span>
-          </span>
+          <p class="description">
+            <b class="host-INSERT color-primary"></b> is requesting permission to
+            <b class="color-primary">read your relays</b> for the selected identity
+            <b class="nick-INSERT color-primary"></b>.
+          </p>
         </div>
 
         <!-- Card for signEvent -->
         <div id="cardSignEvent" class="card sam-mt sam-ml sam-mr">
-          <span style="text-align: center">
-            <b><span class="host-INSERT color-primary"></span></b>
-            is requesting permission to<br />
-            <br />
-            <b class="color-primary">sign an event</b> (kind
-            <span id="kindSpan"></span>) <br />
-            <br />
-            <span>
-              for the selected identity
-              <span
-                style="font-weight: 500"
-                class="nick-INSERT color-primary"
-              ></span>
-            </span>
-          </span>
+          <p class="description">
+            <b class="host-INSERT color-primary"></b> is requesting permission to
+            <b class="color-primary">sign an event</b> (kind <span id="kindSpan"></span>)
+            for the selected identity <b class="nick-INSERT color-primary"></b>.
+          </p>
         </div>
 
         <!-- Card2 for signEvent -->
@@ -130,20 +158,11 @@
 
         <!-- Card for nip04.encrypt -->
         <div id="cardNip04Encrypt" class="card sam-mt sam-ml sam-mr">
-          <span style="text-align: center">
-            <b><span class="host-INSERT color-primary"></span></b>
-            is requesting permission to<br />
-            <br />
-            <b class="color-primary">encrypt a text</b> (NIP04) <br />
-            <br />
-            <span>
-              for the selected identity
-              <span
-                style="font-weight: 500"
-                class="nick-INSERT color-primary"
-              ></span>
-            </span>
-          </span>
+          <p class="description">
+            <b class="host-INSERT color-primary"></b> is requesting permission to
+            <b class="color-primary">encrypt a text</b> (NIP04) for the selected identity
+            <b class="nick-INSERT color-primary"></b>.
+          </p>
         </div>
 
         <!-- Card2 for nip04.encrypt -->
@@ -153,20 +172,11 @@
 
         <!-- Card for nip44.encrypt -->
         <div id="cardNip44Encrypt" class="card sam-mt sam-ml sam-mr">
-          <span style="text-align: center">
-            <b><span class="host-INSERT color-primary"></span></b>
-            is requesting permission to<br />
-            <br />
-            <b class="color-primary">encrypt a text</b> (NIP44) <br />
-            <br />
-            <span>
-              for the selected identity
-              <span
-                style="font-weight: 500"
-                class="nick-INSERT color-primary"
-              ></span>
-            </span>
-          </span>
+          <p class="description">
+            <b class="host-INSERT color-primary"></b> is requesting permission to
+            <b class="color-primary">encrypt a text</b> (NIP44) for the selected identity
+            <b class="nick-INSERT color-primary"></b>.
+          </p>
         </div>
 
         <!-- Card2 for nip44.encrypt -->
@@ -176,20 +186,11 @@
 
         <!-- Card for nip04.decrypt -->
         <div id="cardNip04Decrypt" class="card sam-mt sam-ml sam-mr">
-          <span style="text-align: center">
-            <b><span class="host-INSERT color-primary"></span></b>
-            is requesting permission to<br />
-            <br />
-            <b class="color-primary">decrypt a text</b> (NIP04) <br />
-            <br />
-            <span>
-              for the selected identity
-              <span
-                style="font-weight: 500"
-                class="nick-INSERT color-primary"
-              ></span>
-            </span>
-          </span>
+          <p class="description">
+            <b class="host-INSERT color-primary"></b> is requesting permission to
+            <b class="color-primary">decrypt a text</b> (NIP04) for the selected identity
+            <b class="nick-INSERT color-primary"></b>.
+          </p>
         </div>
 
         <!-- Card2 for nip04.decrypt -->
@@ -199,20 +200,11 @@
 
         <!-- Card for nip44.decrypt -->
         <div id="cardNip44Decrypt" class="card sam-mt sam-ml sam-mr">
-          <span style="text-align: center">
-            <b><span class="host-INSERT color-primary"></span></b>
-            is requesting permission to<br />
-            <br />
-            <b class="color-primary">decrypt a text</b> (NIP44) <br />
-            <br />
-            <span>
-              for the selected identity
-              <span
-                style="font-weight: 500"
-                class="nick-INSERT color-primary"
-              ></span>
-            </span>
-          </span>
+          <p class="description">
+            <b class="host-INSERT color-primary"></b> is requesting permission to
+            <b class="color-primary">decrypt a text</b> (NIP44) for the selected identity
+            <b class="nick-INSERT color-primary"></b>.
+          </p>
         </div>
 
         <!-- Card2 for nip44.decrypt -->
@@ -224,47 +216,20 @@
       <!------------->
       <!-- ACTIONS -->
       <!------------->
-      <div class="sam-footer-grid-2">
-        <div class="btn-group">
-          <button id="rejectOnceButton" type="button" class="btn btn-secondary">
-            Reject
-          </button>
-          <button
-            type="button"
-            class="btn btn-secondary dropdown-toggle dropdown-toggle-split"
-            data-bs-toggle="dropdown"
-            aria-expanded="false"
-          >
-            <span class="visually-hidden">Toggle Dropdown</span>
-          </button>
-          <ul class="dropdown-menu dropdown-menu-end">
-            <li>
-              <button id="rejectAlwaysButton" class="dropdown-item">
-                Reject Always
-              </button>
-            </li>
-          </ul>
+      <div class="actions">
+        <div class="action-row">
+          <span class="action-label">Reject</span>
+          <div class="action-buttons">
+            <button id="rejectOnceButton" type="button" class="btn-reject">Once</button>
+            <button id="rejectAlwaysButton" type="button" class="btn-reject">Always</button>
+          </div>
         </div>
-
-        <div class="btn-group">
-          <button id="approveAlwaysButton" type="button" class="btn btn-primary">
-            Approve Always
-          </button>
-          <button
-            type="button"
-            class="btn btn-primary dropdown-toggle dropdown-toggle-split"
-            data-bs-toggle="dropdown"
-            aria-expanded="false"
-          >
-            <span class="visually-hidden">Toggle Dropdown</span>
-          </button>
-          <ul class="dropdown-menu">
-            <li>
-              <button id="approveOnceButton" class="dropdown-item">
-                Approve Once
-              </button>
-            </li>
-          </ul>
+        <div class="action-row">
+          <span class="action-label">Accept</span>
+          <div class="action-buttons">
+            <button id="approveOnceButton" type="button" class="btn-accept">Once</button>
+            <button id="approveAlwaysButton" type="button" class="btn-accept">Always</button>
+          </div>
         </div>
       </div>
     </div>

projects/chrome/public/unlock.html

@@ -0,0 +1,245 @@
+<!DOCTYPE html>
+
+<html>
+  <head>
+    <title>Plebeian Signer - Unlock</title>
+    <link rel="stylesheet" type="text/css" href="styles.css" />
+    <script src="scripts.js"></script>
+    <style>
+      /* Prevent white flash on load */
+      html { background-color: #0a0a0a; }
+      @media (prefers-color-scheme: light) {
+        html { background-color: #ffffff; }
+      }
+
+      body {
+        background: var(--background);
+        height: 100vh;
+        width: 100vw;
+        color: var(--foreground);
+        font-size: 16px;
+        margin: 0;
+        display: flex;
+        flex-direction: column;
+      }
+
+      .color-primary {
+        color: var(--primary);
+      }
+
+      .page {
+        height: 100%;
+        display: flex;
+        flex-direction: column;
+        padding: var(--size);
+        box-sizing: border-box;
+      }
+
+      .header {
+        text-align: center;
+        font-size: 1.25rem;
+        font-weight: 500;
+        padding: var(--size) 0;
+      }
+
+      .content {
+        flex: 1;
+        display: flex;
+        flex-direction: column;
+        justify-content: center;
+        align-items: center;
+        gap: 16px;
+      }
+
+      .logo-frame {
+        border: 2px solid var(--secondary);
+        border-radius: 100%;
+        padding: 0;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+      }
+
+      .logo-frame img {
+        display: block;
+      }
+
+      .input-group {
+        width: 100%;
+        max-width: 280px;
+        display: flex;
+      }
+
+      .input-group input {
+        flex: 1;
+        padding: 10px 12px;
+        border: 1px solid var(--border);
+        border-right: none;
+        border-radius: 6px 0 0 6px;
+        background: var(--background);
+        color: var(--foreground);
+        font-size: 14px;
+      }
+
+      .input-group input:focus {
+        outline: none;
+        border-color: var(--primary);
+      }
+
+      .input-group button {
+        padding: 10px 12px;
+        border: 1px solid var(--border);
+        border-radius: 0 6px 6px 0;
+        background: var(--background-light);
+        color: var(--muted-foreground);
+        cursor: pointer;
+      }
+
+      .input-group button:hover {
+        background: var(--muted);
+      }
+
+      .unlock-btn {
+        width: 100%;
+        max-width: 280px;
+        padding: 10px 16px;
+        border: none;
+        border-radius: 6px;
+        background: var(--primary);
+        color: var(--primary-foreground);
+        font-size: 14px;
+        font-weight: 500;
+        cursor: pointer;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        gap: 8px;
+      }
+
+      .unlock-btn:hover:not(:disabled) {
+        opacity: 0.9;
+      }
+
+      .unlock-btn:disabled {
+        opacity: 0.5;
+        cursor: not-allowed;
+      }
+
+      .alert {
+        position: fixed;
+        bottom: var(--size);
+        left: 50%;
+        transform: translateX(-50%);
+        padding: 10px 16px;
+        border-radius: 6px;
+        font-size: 14px;
+        display: flex;
+        align-items: center;
+        gap: 8px;
+      }
+
+      .alert-danger {
+        background: var(--destructive);
+        color: var(--destructive-foreground);
+      }
+
+      .hidden {
+        display: none !important;
+      }
+
+      .deriving-overlay {
+        position: fixed;
+        top: 0;
+        left: 0;
+        right: 0;
+        bottom: 0;
+        background: rgba(0, 0, 0, 0.8);
+        display: flex;
+        flex-direction: column;
+        align-items: center;
+        justify-content: center;
+        gap: 16px;
+        z-index: 1000;
+      }
+
+      .spinner {
+        width: 40px;
+        height: 40px;
+        border: 3px solid var(--muted);
+        border-top-color: var(--primary);
+        border-radius: 50%;
+        animation: spin 1s linear infinite;
+      }
+
+      @keyframes spin {
+        to { transform: rotate(360deg); }
+      }
+
+      .deriving-text {
+        color: var(--foreground);
+        font-size: 14px;
+      }
+
+      .host-info {
+        text-align: center;
+        font-size: 13px;
+        color: var(--muted-foreground);
+        margin-top: 8px;
+      }
+
+      .host-name {
+        color: var(--primary);
+        font-weight: 500;
+      }
+    </style>
+  </head>
+  <body>
+    <div class="page">
+      <div class="header">
+        <span class="brand">Plebeian Signer</span>
+      </div>
+
+      <div class="content">
+        <div class="logo-frame">
+          <img src="logo.svg" height="100" width="100" alt="" />
+        </div>
+
+        <div id="hostInfo" class="host-info hidden">
+          <span class="host-name" id="hostSpan"></span><br>
+          is requesting access
+        </div>
+
+        <div class="input-group sam-mt">
+          <input
+            id="passwordInput"
+            type="password"
+            placeholder="vault password"
+            autocomplete="current-password"
+          />
+          <button id="togglePassword" type="button">
+            <i class="bi bi-eye"></i>
+          </button>
+        </div>
+
+        <button id="unlockBtn" type="button" class="unlock-btn" disabled>
+          <i class="bi bi-box-arrow-in-right"></i>
+          <span>Unlock</span>
+        </button>
+      </div>
+    </div>
+
+    <!-- Deriving overlay -->
+    <div id="derivingOverlay" class="deriving-overlay hidden">
+      <div class="spinner"></div>
+      <div class="deriving-text">Unlocking vault...</div>
+    </div>
+
+    <!-- Error alert -->
+    <div id="errorAlert" class="alert alert-danger hidden">
+      <i class="bi bi-exclamation-triangle"></i>
+      <span id="errorMessage">Invalid password</span>
+    </div>
+
+    <script src="unlock.js"></script>
+  </body>
+</html>

projects/chrome/src/app/components/home/backups/backups.component.html

@@ -1,7 +1,14 @@
 <div class="sam-text-header">
-  <button class="lock-btn" title="Lock" (click)="onClickLock()">
-    <span class="emoji">🔒</span>
-  </button>
+  <div class="header-buttons">
+    <button class="header-btn" title="Lock" (click)="onClickLock()">
+      <span class="emoji">🔒</span>
+    </button>
+    @if (devMode) {
+      <button class="header-btn" title="Test Permission Prompt" (click)="onTestPrompt()">
+        <span class="emoji">✨</span>
+      </button>
+    }
+  </div>
   <button class="back-btn" title="Go Back" (click)="goBack()">
     <span class="emoji">←</span>
   </button>

projects/chrome/src/app/components/home/backups/backups.component.ts

@@ -3,9 +3,9 @@ import { Router } from '@angular/router';
 import {
   ConfirmComponent,
   LoggerService,
+  NavComponent,
   SignerMetaData_VaultSnapshot,
   StartupService,
-  StorageService,
 } from '@common';
 import { getNewStorageServiceConfig } from '../../../common/data/get-new-storage-service-config';
 
@@ -15,9 +15,8 @@ import { getNewStorageServiceConfig } from '../../../common/data/get-new-storage
   styleUrl: './backups.component.scss',
   imports: [ConfirmComponent],
 })
-export class BackupsComponent implements OnInit {
+export class BackupsComponent extends NavComponent implements OnInit {
   readonly #router = inject(Router);
-  readonly #storage = inject(StorageService);
   readonly #startup = inject(StartupService);
   readonly #logger = inject(LoggerService);
 
@@ -27,11 +26,11 @@ export class BackupsComponent implements OnInit {
 
   ngOnInit(): void {
     this.loadBackups();
-    this.maxBackups = this.#storage.getSignerMetaHandler().getMaxBackups();
+    this.maxBackups = this.storage.getSignerMetaHandler().getMaxBackups();
   }
 
   loadBackups(): void {
-    this.backups = this.#storage.getSignerMetaHandler().getBackups();
+    this.backups = this.storage.getSignerMetaHandler().getBackups();
   }
 
   async onMaxBackupsChange(event: Event): Promise<void> {
@@ -39,14 +38,14 @@ export class BackupsComponent implements OnInit {
     const value = parseInt(input.value, 10);
     if (!isNaN(value) && value >= 1 && value <= 20) {
       this.maxBackups = value;
-      await this.#storage.getSignerMetaHandler().setMaxBackups(value);
+      await this.storage.getSignerMetaHandler().setMaxBackups(value);
     }
   }
 
   async createManualBackup(): Promise<void> {
-    const browserSyncData = this.#storage.getBrowserSyncHandler().browserSyncData;
+    const browserSyncData = this.storage.getBrowserSyncHandler().browserSyncData;
     if (browserSyncData) {
-      await this.#storage.getSignerMetaHandler().createBackup(browserSyncData, 'manual');
+      await this.storage.getSignerMetaHandler().createBackup(browserSyncData, 'manual');
       this.loadBackups();
     }
   }
@@ -55,22 +54,22 @@ export class BackupsComponent implements OnInit {
     this.restoringBackupId = backupId;
     try {
       // First, create a pre-restore backup of current state
-      const currentData = this.#storage.getBrowserSyncHandler().browserSyncData;
+      const currentData = this.storage.getBrowserSyncHandler().browserSyncData;
       if (currentData) {
-        await this.#storage.getSignerMetaHandler().createBackup(currentData, 'pre-restore');
+        await this.storage.getSignerMetaHandler().createBackup(currentData, 'pre-restore');
       }
 
       // Get the backup data
-      const backupData = this.#storage.getSignerMetaHandler().getBackupData(backupId);
+      const backupData = this.storage.getSignerMetaHandler().getBackupData(backupId);
       if (!backupData) {
         throw new Error('Backup not found');
       }
 
       // Import the backup
-      await this.#storage.deleteVault(true);
-      await this.#storage.importVault(backupData);
+      await this.storage.deleteVault(true);
+      await this.storage.importVault(backupData);
       this.#logger.logVaultImport('Backup Restore');
-      this.#storage.isInitialized = false;
+      this.storage.isInitialized = false;
       this.#startup.startOver(getNewStorageServiceConfig());
     } catch (error) {
       console.error('Failed to restore backup:', error);
@@ -79,7 +78,7 @@ export class BackupsComponent implements OnInit {
   }
 
   async deleteBackup(backupId: string): Promise<void> {
-    await this.#storage.getSignerMetaHandler().deleteBackup(backupId);
+    await this.storage.getSignerMetaHandler().deleteBackup(backupId);
     this.loadBackups();
   }
 
@@ -120,7 +119,7 @@ export class BackupsComponent implements OnInit {
 
   async onClickLock(): Promise<void> {
     this.#logger.logVaultLock();
-    await this.#storage.lockVault();
+    await this.storage.lockVault();
     this.#router.navigateByUrl('/vault-login');
   }
 }

projects/chrome/src/app/components/home/bookmarks/bookmarks.component.html

@@ -1,9 +1,16 @@
 <!-- eslint-disable @angular-eslint/template/interactive-supports-focus -->
 <!-- eslint-disable @angular-eslint/template/click-events-have-key-events -->
 <div class="sam-text-header">
-  <button class="lock-btn" title="Lock" (click)="onClickLock()">
-    <span class="emoji">🔒</span>
-  </button>
+  <div class="header-buttons">
+    <button class="header-btn" title="Lock" (click)="onClickLock()">
+      <span class="emoji">🔒</span>
+    </button>
+    @if (devMode) {
+      <button class="header-btn" title="Test Permission Prompt" (click)="onTestPrompt()">
+        <span class="emoji">✨</span>
+      </button>
+    }
+  </div>
   <span>Bookmarks</span>
   <button class="add-btn" title="Bookmark This Page" (click)="onBookmarkThisPage()">
     <span class="emoji">➕</span>

projects/chrome/src/app/components/home/bookmarks/bookmarks.component.ts

@@ -1,6 +1,6 @@
 import { Component, inject, OnInit } from '@angular/core';
 import { Router } from '@angular/router';
-import { Bookmark, LoggerService, SignerMetaData, StorageService } from '@common';
+import { Bookmark, LoggerService, NavComponent, SignerMetaData } from '@common';
 import { ChromeMetaHandler } from '../../../common/data/chrome-meta-handler';
 
 @Component({
@@ -9,10 +9,9 @@ import { ChromeMetaHandler } from '../../../common/data/chrome-meta-handler';
   styleUrl: './bookmarks.component.scss',
   imports: [],
 })
-export class BookmarksComponent implements OnInit {
+export class BookmarksComponent extends NavComponent implements OnInit {
   readonly #logger = inject(LoggerService);
   readonly #metaHandler = new ChromeMetaHandler();
-  readonly #storage = inject(StorageService);
   readonly #router = inject(Router);
 
   bookmarks: Bookmark[] = [];
@@ -93,7 +92,7 @@ export class BookmarksComponent implements OnInit {
 
   async onClickLock() {
     this.#logger.logVaultLock();
-    await this.#storage.lockVault();
+    await this.storage.lockVault();
     this.#router.navigateByUrl('/vault-login');
   }
 }

projects/chrome/src/app/components/home/identities/identities.component.html

@@ -1,9 +1,16 @@
 <!-- eslint-disable @angular-eslint/template/interactive-supports-focus -->
 <!-- eslint-disable @angular-eslint/template/click-events-have-key-events -->
 <div class="custom-header" style="position: sticky; top: 0">
-  <button class="lock-btn" title="Lock" (click)="onClickLock()">
-    <span class="emoji">🔒</span>
-  </button>
+  <div class="header-buttons">
+    <button class="header-btn" title="Lock" (click)="onClickLock()">
+      <span class="emoji">🔒</span>
+    </button>
+    @if (devMode) {
+      <button class="header-btn" title="Test Permission Prompt" (click)="onTestPrompt()">
+        <span class="emoji">✨</span>
+      </button>
+    }
+  </div>
   <span class="text">Identities</span>
 
   <button class="add-btn" title="New Identity" (click)="onClickNewIdentity()">

projects/chrome/src/app/components/home/identities/identities.component.scss

@@ -19,9 +19,16 @@
     background: var(--background);
     position: relative;
 
-    .lock-btn,
-    .add-btn {
+    .header-buttons {
       position: absolute;
+      left: 0;
+      display: flex;
+      flex-direction: row;
+      align-items: center;
+    }
+
+    .header-btn,
+    .add-btn {
       background: transparent;
       border: none;
       padding: 8px;
@@ -41,11 +48,8 @@
       }
     }
 
-    .lock-btn {
-      left: 0;
-    }
-
     .add-btn {
+      position: absolute;
       right: 0;
     }
 

projects/chrome/src/app/components/home/identities/identities.component.ts

@@ -4,6 +4,7 @@ import {
   IconButtonComponent,
   Identity_DECRYPTED,
   LoggerService,
+  NavComponent,
   NostrHelper,
   ProfileMetadata,
   ProfileMetadataService,
@@ -17,8 +18,8 @@ import {
   styleUrl: './identities.component.scss',
   imports: [IconButtonComponent, ToastComponent],
 })
-export class IdentitiesComponent implements OnInit {
-  readonly storage = inject(StorageService);
+export class IdentitiesComponent extends NavComponent implements OnInit {
+  override readonly storage = inject(StorageService);
   readonly #router = inject(Router);
   readonly #profileMetadata = inject(ProfileMetadataService);
   readonly #logger = inject(LoggerService);

projects/chrome/src/app/components/home/identity/identity.component.html

@@ -1,9 +1,16 @@
 <!-- eslint-disable @angular-eslint/template/interactive-supports-focus -->
 <!-- eslint-disable @angular-eslint/template/click-events-have-key-events -->
 <div class="sam-text-header">
-  <button class="lock-btn" title="Lock" (click)="onClickLock()">
-    <span class="emoji">🔒</span>
-  </button>
+  <div class="header-buttons">
+    <button class="header-btn" title="Lock" (click)="onClickLock()">
+      <span class="emoji">🔒</span>
+    </button>
+    @if (devMode) {
+      <button class="header-btn" title="Test Permission Prompt" (click)="onTestPrompt()">
+        <span class="emoji">✨</span>
+      </button>
+    }
+  </div>
   <span>You</span>
   <button class="edit-btn" title="Edit profile" (click)="onClickEditProfile()">
     <span class="emoji">📝</span>

projects/chrome/src/app/components/home/identity/identity.component.ts

@@ -3,11 +3,11 @@ import { Router } from '@angular/router';
 import {
   Identity_DECRYPTED,
   LoggerService,
+  NavComponent,
   NostrHelper,
   ProfileMetadata,
   ProfileMetadataService,
   PubkeyComponent,
-  StorageService,
   ToastComponent,
   VisualNip05Pipe,
   validateNip05,
@@ -19,7 +19,7 @@ import {
   templateUrl: './identity.component.html',
   styleUrl: './identity.component.scss',
 })
-export class IdentityComponent implements OnInit {
+export class IdentityComponent extends NavComponent implements OnInit {
   selectedIdentity: Identity_DECRYPTED | undefined;
   selectedIdentityNpub: string | undefined;
   profile: ProfileMetadata | null = null;
@@ -27,7 +27,6 @@ export class IdentityComponent implements OnInit {
   validating = false;
   loading = true;
 
-  readonly #storage = inject(StorageService);
   readonly #router = inject(Router);
   readonly #profileMetadata = inject(ProfileMetadataService);
   readonly #logger = inject(LoggerService);
@@ -82,17 +81,17 @@ export class IdentityComponent implements OnInit {
 
   async onClickLock() {
     this.#logger.logVaultLock();
-    await this.#storage.lockVault();
+    await this.storage.lockVault();
     this.#router.navigateByUrl('/vault-login');
   }
 
   async #loadData() {
     try {
       const selectedIdentityId =
-        this.#storage.getBrowserSessionHandler().browserSessionData
+        this.storage.getBrowserSessionHandler().browserSessionData
           ?.selectedIdentityId ?? null;
 
-      const identity = this.#storage
+      const identity = this.storage
         .getBrowserSessionHandler()
         .browserSessionData?.identities.find(
           (x) => x.id === selectedIdentityId

projects/chrome/src/app/components/home/info/info.component.html

@@ -1,7 +1,14 @@
 <div class="sam-text-header">
-  <button class="lock-btn" title="Lock" (click)="onClickLock()">
-    <span class="emoji">🔒</span>
-  </button>
+  <div class="header-buttons">
+    <button class="header-btn" title="Lock" (click)="onClickLock()">
+      <span class="emoji">🔒</span>
+    </button>
+    @if (devMode) {
+      <button class="header-btn" title="Test Permission Prompt" (click)="onTestPrompt()">
+        <span class="emoji">✨</span>
+      </button>
+    }
+  </div>
   <span> Plebeian Signer </span>
 </div>
 

projects/chrome/src/app/components/home/info/info.component.ts

@@ -1,6 +1,6 @@
 import { Component, inject } from '@angular/core';
 import { Router } from '@angular/router';
-import { LoggerService, StorageService } from '@common';
+import { LoggerService, NavComponent } from '@common';
 import packageJson from '../../../../../../../package.json';
 
 @Component({
@@ -8,16 +8,15 @@ import packageJson from '../../../../../../../package.json';
   templateUrl: './info.component.html',
   styleUrl: './info.component.scss',
 })
-export class InfoComponent {
+export class InfoComponent extends NavComponent {
   readonly #logger = inject(LoggerService);
-  readonly #storage = inject(StorageService);
   readonly #router = inject(Router);
 
   version = packageJson.custom.chrome.version;
 
   async onClickLock() {
     this.#logger.logVaultLock();
-    await this.#storage.lockVault();
+    await this.storage.lockVault();
     this.#router.navigateByUrl('/vault-login');
   }
 }

projects/chrome/src/app/components/home/logs/logs.component.html

@@ -1,7 +1,14 @@
 <div class="sam-text-header">
-  <button class="lock-btn" title="Lock" (click)="onClickLock()">
-    <span class="emoji">🔒</span>
-  </button>
+  <div class="header-buttons">
+    <button class="header-btn" title="Lock" (click)="onClickLock()">
+      <span class="emoji">🔒</span>
+    </button>
+    @if (devMode) {
+      <button class="header-btn" title="Test Permission Prompt" (click)="onTestPrompt()">
+        <span class="emoji">✨</span>
+      </button>
+    }
+  </div>
   <span>Logs</span>
   <div class="logs-actions">
     <button class="btn btn-sm btn-secondary" title="Refresh logs" (click)="onRefresh()">Refresh</button>

projects/chrome/src/app/components/home/logs/logs.component.ts

@@ -1,6 +1,6 @@
 import { Component, inject, OnInit } from '@angular/core';
 import { Router } from '@angular/router';
-import { LoggerService, LogEntry, StorageService } from '@common';
+import { LoggerService, LogEntry, NavComponent } from '@common';
 import { DatePipe } from '@angular/common';
 
 @Component({
@@ -9,9 +9,8 @@ import { DatePipe } from '@angular/common';
   styleUrl: './logs.component.scss',
   imports: [DatePipe],
 })
-export class LogsComponent implements OnInit {
+export class LogsComponent extends NavComponent implements OnInit {
   readonly #logger = inject(LoggerService);
-  readonly #storage = inject(StorageService);
   readonly #router = inject(Router);
 
   get logs(): LogEntry[] {
@@ -46,7 +45,7 @@ export class LogsComponent implements OnInit {
 
   async onClickLock() {
     this.#logger.logVaultLock();
-    await this.#storage.lockVault();
+    await this.storage.lockVault();
     this.#router.navigateByUrl('/vault-login');
   }
 }

projects/chrome/src/app/components/home/settings/settings.component.html

@@ -1,10 +1,39 @@
 <div class="sam-text-header">
-  <button class="lock-btn" title="Lock" (click)="onClickLock()">
-    <span class="emoji">🔒</span>
-  </button>
+  <div class="header-buttons">
+    <button class="header-btn" title="Lock" (click)="onClickLock()">
+      <span class="emoji">🔒</span>
+    </button>
+    @if (devMode) {
+      <button class="header-btn" title="Test Permission Prompt" (click)="onTestPrompt()">
+        <span class="emoji">✨</span>
+      </button>
+    }
+  </div>
   <span> Settings </span>
 </div>
 
+<div class="vault-buttons">
+  <button class="btn btn-primary" (click)="onClickExportVault()">
+    Export Vault
+  </button>
+  <button class="btn btn-primary" (click)="navigate('/vault-import')">
+    Import Vault
+  </button>
+</div>
+
+<lib-nav-item text="💾 Backups" (click)="navigate('/home/backups')"></lib-nav-item>
+<lib-nav-item text="🪵 Logs" (click)="navigate('/home/logs')"></lib-nav-item>
+<lib-nav-item text="💡 Info" (click)="navigate('/home/info')"></lib-nav-item>
+
+<div class="dev-mode-row">
+  <label class="toggle-label">
+    <input type="checkbox" [checked]="devMode" (change)="onToggleDevMode($event)" />
+    <span>Dev Mode</span>
+  </label>
+</div>
+
+<div class="sam-flex-grow"></div>
+
 <div class="sync-info">
   <span class="sync-label">SYNC: {{ syncFlow }}</span>
   <p class="sync-note">
@@ -13,20 +42,6 @@
   </p>
 </div>
 
-<button class="btn btn-primary" (click)="onClickExportVault()">
-  Export Vault
-</button>
-
-<button class="btn btn-primary" (click)="navigate('/vault-import')">
-  Import Vault
-</button>
-
-<lib-nav-item text="💾 Backups" (click)="navigate('/home/backups')"></lib-nav-item>
-<lib-nav-item text="🪵 Logs" (click)="navigate('/home/logs')"></lib-nav-item>
-<lib-nav-item text="💡 Info" (click)="navigate('/home/info')"></lib-nav-item>
-
-<div class="sam-flex-grow"></div>
-
 <button
   class="btn btn-danger"
   (click)="

projects/chrome/src/app/components/home/settings/settings.component.scss

@@ -16,6 +16,35 @@
   }
 }
 
+.vault-buttons {
+  display: flex;
+  gap: var(--size);
+
+  button {
+    flex: 1;
+  }
+}
+
+.dev-mode-row {
+  display: flex;
+  align-items: center;
+  gap: var(--size);
+
+  .toggle-label {
+    display: flex;
+    align-items: center;
+    gap: var(--size-h);
+    cursor: pointer;
+    font-size: 0.9rem;
+
+    input[type="checkbox"] {
+      width: 16px;
+      height: 16px;
+      cursor: pointer;
+    }
+  }
+}
+
 .sync-info {
   .sync-label {
     display: block;

projects/chrome/src/app/components/home/settings/settings.component.ts

@@ -12,6 +12,7 @@ import {
   StorageService,
 } from '@common';
 import { getNewStorageServiceConfig } from '../../../common/data/get-new-storage-service-config';
+import { Buffer } from 'buffer';
 
 @Component({
   selector: 'app-settings',
@@ -22,6 +23,7 @@ import { getNewStorageServiceConfig } from '../../../common/data/get-new-storage
 export class SettingsComponent extends NavComponent implements OnInit {
   readonly #router = inject(Router);
   syncFlow: string | undefined;
+  override devMode = false;
 
   readonly #storage = inject(StorageService);
   readonly #startup = inject(StartupService);
@@ -45,6 +47,44 @@ export class SettingsComponent extends NavComponent implements OnInit {
       default:
         break;
     }
+
+    // Load dev mode setting
+    this.devMode = this.#storage.getSignerMetaHandler().signerMetaData?.devMode ?? false;
+  }
+
+  async onToggleDevMode(event: Event) {
+    const checked = (event.target as HTMLInputElement).checked;
+    this.devMode = checked;
+    await this.#storage.getSignerMetaHandler().setDevMode(checked);
+  }
+
+  override async onTestPrompt() {
+    // Open a test permission prompt window
+    const testEvent = {
+      kind: 1,
+      content: 'This is a test note for permission prompt preview.',
+      tags: [],
+      created_at: Math.floor(Date.now() / 1000),
+    };
+    const base64Event = Buffer.from(JSON.stringify(testEvent, null, 2)).toString('base64');
+    const currentIdentity = this.#storage.getBrowserSessionHandler().browserSessionData?.identities.find(
+      i => i.id === this.#storage.getBrowserSessionHandler().browserSessionData?.selectedIdentityId
+    );
+    const nick = currentIdentity?.nick ?? 'Test Identity';
+
+    const width = 375;
+    const height = 600;
+    const left = Math.round((screen.width - width) / 2);
+    const top = Math.round((screen.height - height) / 2);
+
+    chrome.windows.create({
+      type: 'popup',
+      url: `prompt.html?method=signEvent&host=example.com&id=test-${Date.now()}&nick=${encodeURIComponent(nick)}&event=${base64Event}`,
+      width,
+      height,
+      left,
+      top,
+    });
   }
 
   async onResetExtension() {

projects/chrome/src/app/components/home/wallet/wallet.component.html

@@ -1,7 +1,14 @@
 <div class="sam-text-header">
-  <button class="lock-btn" title="Lock" (click)="onClickLock()">
-    <span class="emoji">🔒</span>
-  </button>
+  <div class="header-buttons">
+    <button class="header-btn" title="Lock" (click)="onClickLock()">
+      <span class="emoji">🔒</span>
+    </button>
+    @if (devMode) {
+      <button class="header-btn" title="Test Permission Prompt" (click)="onTestPrompt()">
+        <span class="emoji">✨</span>
+      </button>
+    }
+  </div>
   @if (showBackButton) {
     <button class="back-btn" title="Go Back" (click)="goBack()">
       <span class="emoji">←</span>

projects/chrome/src/app/components/home/wallet/wallet.component.ts

@@ -4,7 +4,7 @@ import { FormsModule } from '@angular/forms';
 import { CommonModule } from '@angular/common';
 import {
   LoggerService,
-  StorageService,
+  NavComponent,
   NwcService,
   NwcConnection_DECRYPTED,
   CashuService,
@@ -35,9 +35,8 @@ type WalletSection =
   styleUrl: './wallet.component.scss',
   imports: [CommonModule, FormsModule],
 })
-export class WalletComponent implements OnInit, OnDestroy {
+export class WalletComponent extends NavComponent implements OnInit, OnDestroy {
   readonly #logger = inject(LoggerService);
-  readonly #storage = inject(StorageService);
   readonly #router = inject(Router);
   readonly nwcService = inject(NwcService);
   readonly cashuService = inject(CashuService);
@@ -195,7 +194,7 @@ export class WalletComponent implements OnInit, OnDestroy {
 
   ngOnInit(): void {
     // Load current sync flow setting
-    this.currentSyncFlow = this.#storage.getSyncFlow();
+    this.currentSyncFlow = this.storage.getSyncFlow();
 
     // Refresh balances on init if we have connections
     if (this.connections.length > 0) {
@@ -937,7 +936,7 @@ export class WalletComponent implements OnInit, OnDestroy {
 
   async onClickLock() {
     this.#logger.logVaultLock();
-    await this.#storage.lockVault();
+    await this.storage.lockVault();
     this.#router.navigateByUrl('/vault-login');
   }
 

projects/chrome/src/app/components/whitelisted-apps/whitelisted-apps.component.ts

@@ -17,7 +17,7 @@ export class WhitelistedAppsComponent extends NavComponent {
   @ViewChild('toast') toast!: ToastComponent;
   @ViewChild('confirm') confirm!: ConfirmComponent;
 
-  readonly storage = inject(StorageService);
+  override readonly storage = inject(StorageService);
   readonly #router = inject(Router);
 
   get whitelistedHosts(): string[] {

projects/chrome/src/background-common.ts

@@ -6,16 +6,38 @@ import {
   CryptoHelper,
   SignerMetaData,
   Identity_DECRYPTED,
+  Identity_ENCRYPTED,
   Nip07Method,
   Nip07MethodPolicy,
   NostrHelper,
   Permission_DECRYPTED,
   Permission_ENCRYPTED,
+  Relay_DECRYPTED,
+  Relay_ENCRYPTED,
+  NwcConnection_DECRYPTED,
+  NwcConnection_ENCRYPTED,
+  CashuMint_DECRYPTED,
+  CashuMint_ENCRYPTED,
+  deriveKeyArgon2,
 } from '@common';
 import { ChromeMetaHandler } from './app/common/data/chrome-meta-handler';
 import { Event, EventTemplate, finalizeEvent, nip04, nip44 } from 'nostr-tools';
 import { Buffer } from 'buffer';
 
+// Unlock request/response message types
+export interface UnlockRequestMessage {
+  type: 'unlock-request';
+  id: string;
+  password: string;
+}
+
+export interface UnlockResponseMessage {
+  type: 'unlock-response';
+  id: string;
+  success: boolean;
+  error?: string;
+}
+
 export const debug = function (message: any) {
   const dateString = new Date().toISOString();
   console.log(`[Plebeian Signer - ${dateString}]: ${JSON.stringify(message)}`);
@@ -372,3 +394,352 @@ const encrypt = async function (
   // v1: Use password with PBKDF2
   return await CryptoHelper.encrypt(value, sessionData.iv, sessionData.vaultPassword!);
 };
+
+// ==========================================
+// Unlock Vault Logic (for background script)
+// ==========================================
+
+/**
+ * Decrypt a value using AES-GCM with pre-derived key (v2)
+ */
+async function decryptV2(
+  encryptedBase64: string,
+  ivBase64: string,
+  keyBase64: string
+): Promise<string> {
+  const keyBytes = Buffer.from(keyBase64, 'base64');
+  const iv = Buffer.from(ivBase64, 'base64');
+  const cipherText = Buffer.from(encryptedBase64, 'base64');
+
+  const key = await crypto.subtle.importKey(
+    'raw',
+    keyBytes,
+    { name: 'AES-GCM' },
+    false,
+    ['decrypt']
+  );
+
+  const decrypted = await crypto.subtle.decrypt(
+    { name: 'AES-GCM', iv },
+    key,
+    cipherText
+  );
+
+  return new TextDecoder().decode(decrypted);
+}
+
+/**
+ * Decrypt a value using PBKDF2 (v1)
+ */
+async function decryptV1(
+  encryptedBase64: string,
+  ivBase64: string,
+  password: string
+): Promise<string> {
+  return CryptoHelper.decrypt(encryptedBase64, ivBase64, password);
+}
+
+/**
+ * Generic decrypt function that handles both v1 and v2
+ */
+async function decryptValue(
+  encrypted: string,
+  iv: string,
+  keyOrPassword: string,
+  isV2: boolean
+): Promise<string> {
+  if (isV2) {
+    return decryptV2(encrypted, iv, keyOrPassword);
+  }
+  return decryptV1(encrypted, iv, keyOrPassword);
+}
+
+/**
+ * Parse decrypted value to the desired type
+ */
+function parseValue(value: string, type: 'string' | 'number' | 'boolean'): any {
+  switch (type) {
+    case 'number':
+      return parseInt(value);
+    case 'boolean':
+      return value === 'true';
+    default:
+      return value;
+  }
+}
+
+/**
+ * Decrypt an identity
+ */
+async function decryptIdentity(
+  identity: Identity_ENCRYPTED,
+  iv: string,
+  keyOrPassword: string,
+  isV2: boolean
+): Promise<Identity_DECRYPTED> {
+  return {
+    id: await decryptValue(identity.id, iv, keyOrPassword, isV2),
+    nick: await decryptValue(identity.nick, iv, keyOrPassword, isV2),
+    createdAt: await decryptValue(identity.createdAt, iv, keyOrPassword, isV2),
+    privkey: await decryptValue(identity.privkey, iv, keyOrPassword, isV2),
+  };
+}
+
+/**
+ * Decrypt a permission
+ */
+async function decryptPermission(
+  permission: Permission_ENCRYPTED,
+  iv: string,
+  keyOrPassword: string,
+  isV2: boolean
+): Promise<Permission_DECRYPTED> {
+  const decrypted: Permission_DECRYPTED = {
+    id: await decryptValue(permission.id, iv, keyOrPassword, isV2),
+    identityId: await decryptValue(permission.identityId, iv, keyOrPassword, isV2),
+    host: await decryptValue(permission.host, iv, keyOrPassword, isV2),
+    method: await decryptValue(permission.method, iv, keyOrPassword, isV2) as Nip07Method,
+    methodPolicy: await decryptValue(permission.methodPolicy, iv, keyOrPassword, isV2) as Nip07MethodPolicy,
+  };
+  if (permission.kind) {
+    decrypted.kind = parseValue(await decryptValue(permission.kind, iv, keyOrPassword, isV2), 'number');
+  }
+  return decrypted;
+}
+
+/**
+ * Decrypt a relay
+ */
+async function decryptRelay(
+  relay: Relay_ENCRYPTED,
+  iv: string,
+  keyOrPassword: string,
+  isV2: boolean
+): Promise<Relay_DECRYPTED> {
+  return {
+    id: await decryptValue(relay.id, iv, keyOrPassword, isV2),
+    identityId: await decryptValue(relay.identityId, iv, keyOrPassword, isV2),
+    url: await decryptValue(relay.url, iv, keyOrPassword, isV2),
+    read: parseValue(await decryptValue(relay.read, iv, keyOrPassword, isV2), 'boolean'),
+    write: parseValue(await decryptValue(relay.write, iv, keyOrPassword, isV2), 'boolean'),
+  };
+}
+
+/**
+ * Decrypt an NWC connection
+ */
+async function decryptNwcConnection(
+  nwc: NwcConnection_ENCRYPTED,
+  iv: string,
+  keyOrPassword: string,
+  isV2: boolean
+): Promise<NwcConnection_DECRYPTED> {
+  const decrypted: NwcConnection_DECRYPTED = {
+    id: await decryptValue(nwc.id, iv, keyOrPassword, isV2),
+    name: await decryptValue(nwc.name, iv, keyOrPassword, isV2),
+    connectionUrl: await decryptValue(nwc.connectionUrl, iv, keyOrPassword, isV2),
+    walletPubkey: await decryptValue(nwc.walletPubkey, iv, keyOrPassword, isV2),
+    relayUrl: await decryptValue(nwc.relayUrl, iv, keyOrPassword, isV2),
+    secret: await decryptValue(nwc.secret, iv, keyOrPassword, isV2),
+    createdAt: await decryptValue(nwc.createdAt, iv, keyOrPassword, isV2),
+  };
+  if (nwc.lud16) {
+    decrypted.lud16 = await decryptValue(nwc.lud16, iv, keyOrPassword, isV2);
+  }
+  if (nwc.cachedBalance) {
+    decrypted.cachedBalance = parseValue(await decryptValue(nwc.cachedBalance, iv, keyOrPassword, isV2), 'number');
+  }
+  if (nwc.cachedBalanceAt) {
+    decrypted.cachedBalanceAt = await decryptValue(nwc.cachedBalanceAt, iv, keyOrPassword, isV2);
+  }
+  return decrypted;
+}
+
+/**
+ * Decrypt a Cashu mint
+ */
+async function decryptCashuMint(
+  mint: CashuMint_ENCRYPTED,
+  iv: string,
+  keyOrPassword: string,
+  isV2: boolean
+): Promise<CashuMint_DECRYPTED> {
+  const proofsJson = await decryptValue(mint.proofs, iv, keyOrPassword, isV2);
+  const decrypted: CashuMint_DECRYPTED = {
+    id: await decryptValue(mint.id, iv, keyOrPassword, isV2),
+    name: await decryptValue(mint.name, iv, keyOrPassword, isV2),
+    mintUrl: await decryptValue(mint.mintUrl, iv, keyOrPassword, isV2),
+    unit: await decryptValue(mint.unit, iv, keyOrPassword, isV2),
+    createdAt: await decryptValue(mint.createdAt, iv, keyOrPassword, isV2),
+    proofs: JSON.parse(proofsJson),
+  };
+  if (mint.cachedBalance) {
+    decrypted.cachedBalance = parseValue(await decryptValue(mint.cachedBalance, iv, keyOrPassword, isV2), 'number');
+  }
+  if (mint.cachedBalanceAt) {
+    decrypted.cachedBalanceAt = await decryptValue(mint.cachedBalanceAt, iv, keyOrPassword, isV2);
+  }
+  return decrypted;
+}
+
+/**
+ * Handle an unlock request from the unlock popup
+ */
+export async function handleUnlockRequest(
+  password: string
+): Promise<{ success: boolean; error?: string }> {
+  try {
+    debug('handleUnlockRequest: Starting unlock...');
+
+    // Check if already unlocked
+    const existingSession = await getBrowserSessionData();
+    if (existingSession) {
+      debug('handleUnlockRequest: Already unlocked');
+      return { success: true };
+    }
+
+    // Get sync data
+    const browserSyncData = await getBrowserSyncData();
+    if (!browserSyncData) {
+      return { success: false, error: 'No vault data found' };
+    }
+
+    // Verify password
+    const passwordHash = await CryptoHelper.hash(password);
+    if (passwordHash !== browserSyncData.vaultHash) {
+      return { success: false, error: 'Invalid password' };
+    }
+    debug('handleUnlockRequest: Password verified');
+
+    // Detect vault version
+    const isV2 = !!browserSyncData.salt;
+    debug(`handleUnlockRequest: Vault version: ${isV2 ? 'v2' : 'v1'}`);
+
+    let keyOrPassword: string;
+    let vaultKey: string | undefined;
+    let vaultPassword: string | undefined;
+
+    if (isV2) {
+      // v2: Derive key with Argon2id (~3 seconds)
+      debug('handleUnlockRequest: Deriving Argon2id key...');
+      const saltBytes = Buffer.from(browserSyncData.salt!, 'base64');
+      const keyBytes = await deriveKeyArgon2(password, saltBytes);
+      vaultKey = Buffer.from(keyBytes).toString('base64');
+      keyOrPassword = vaultKey;
+      debug('handleUnlockRequest: Key derived');
+    } else {
+      // v1: Use password directly
+      vaultPassword = password;
+      keyOrPassword = password;
+    }
+
+    // Decrypt identities
+    debug('handleUnlockRequest: Decrypting identities...');
+    const decryptedIdentities: Identity_DECRYPTED[] = [];
+    for (const identity of browserSyncData.identities) {
+      const decrypted = await decryptIdentity(identity, browserSyncData.iv, keyOrPassword, isV2);
+      decryptedIdentities.push(decrypted);
+    }
+    debug(`handleUnlockRequest: Decrypted ${decryptedIdentities.length} identities`);
+
+    // Decrypt permissions
+    debug('handleUnlockRequest: Decrypting permissions...');
+    const decryptedPermissions: Permission_DECRYPTED[] = [];
+    for (const permission of browserSyncData.permissions) {
+      try {
+        const decrypted = await decryptPermission(permission, browserSyncData.iv, keyOrPassword, isV2);
+        decryptedPermissions.push(decrypted);
+      } catch (e) {
+        debug(`handleUnlockRequest: Skipping corrupted permission: ${e}`);
+      }
+    }
+    debug(`handleUnlockRequest: Decrypted ${decryptedPermissions.length} permissions`);
+
+    // Decrypt relays
+    debug('handleUnlockRequest: Decrypting relays...');
+    const decryptedRelays: Relay_DECRYPTED[] = [];
+    for (const relay of browserSyncData.relays) {
+      const decrypted = await decryptRelay(relay, browserSyncData.iv, keyOrPassword, isV2);
+      decryptedRelays.push(decrypted);
+    }
+    debug(`handleUnlockRequest: Decrypted ${decryptedRelays.length} relays`);
+
+    // Decrypt NWC connections
+    debug('handleUnlockRequest: Decrypting NWC connections...');
+    const decryptedNwcConnections: NwcConnection_DECRYPTED[] = [];
+    for (const nwc of browserSyncData.nwcConnections ?? []) {
+      const decrypted = await decryptNwcConnection(nwc, browserSyncData.iv, keyOrPassword, isV2);
+      decryptedNwcConnections.push(decrypted);
+    }
+    debug(`handleUnlockRequest: Decrypted ${decryptedNwcConnections.length} NWC connections`);
+
+    // Decrypt Cashu mints
+    debug('handleUnlockRequest: Decrypting Cashu mints...');
+    const decryptedCashuMints: CashuMint_DECRYPTED[] = [];
+    for (const mint of browserSyncData.cashuMints ?? []) {
+      const decrypted = await decryptCashuMint(mint, browserSyncData.iv, keyOrPassword, isV2);
+      decryptedCashuMints.push(decrypted);
+    }
+    debug(`handleUnlockRequest: Decrypted ${decryptedCashuMints.length} Cashu mints`);
+
+    // Decrypt selectedIdentityId
+    let decryptedSelectedIdentityId: string | null = null;
+    if (browserSyncData.selectedIdentityId !== null) {
+      decryptedSelectedIdentityId = await decryptValue(
+        browserSyncData.selectedIdentityId,
+        browserSyncData.iv,
+        keyOrPassword,
+        isV2
+      );
+    }
+    debug(`handleUnlockRequest: selectedIdentityId: ${decryptedSelectedIdentityId}`);
+
+    // Build session data
+    const browserSessionData: BrowserSessionData = {
+      vaultPassword: isV2 ? undefined : vaultPassword,
+      vaultKey: isV2 ? vaultKey : undefined,
+      iv: browserSyncData.iv,
+      salt: browserSyncData.salt,
+      permissions: decryptedPermissions,
+      identities: decryptedIdentities,
+      selectedIdentityId: decryptedSelectedIdentityId,
+      relays: decryptedRelays,
+      nwcConnections: decryptedNwcConnections,
+      cashuMints: decryptedCashuMints,
+    };
+
+    // Save session data
+    debug('handleUnlockRequest: Saving session data...');
+    await chrome.storage.session.set(browserSessionData);
+    debug('handleUnlockRequest: Unlock complete!');
+
+    return { success: true };
+  } catch (error: any) {
+    debug(`handleUnlockRequest: Error: ${error.message}`);
+    return { success: false, error: error.message || 'Unlock failed' };
+  }
+}
+
+/**
+ * Open the unlock popup window
+ */
+export async function openUnlockPopup(host?: string): Promise<void> {
+  const width = 375;
+  const height = 500;
+  const { top, left } = await getPosition(width, height);
+
+  const id = crypto.randomUUID();
+  let url = `unlock.html?id=${id}`;
+  if (host) {
+    url += `&host=${encodeURIComponent(host)}`;
+  }
+
+  await chrome.windows.create({
+    type: 'popup',
+    url,
+    height,
+    width,
+    top,
+    left,
+  });
+}

projects/chrome/src/background.ts

@@ -10,15 +10,19 @@ import {
   debug,
   getBrowserSessionData,
   getPosition,
+  handleUnlockRequest,
   nip04Decrypt,
   nip04Encrypt,
   nip44Decrypt,
   nip44Encrypt,
+  openUnlockPopup,
   PromptResponse,
   PromptResponseMessage,
   shouldRecklessModeApprove,
   signEvent,
   storePermission,
+  UnlockRequestMessage,
+  UnlockResponseMessage,
 } from './background-common';
 import browser from 'webextension-polyfill';
 import { Buffer } from 'buffer';
@@ -33,8 +37,49 @@ const openPrompts = new Map<
   }
 >();
 
+// Track if unlock popup is already open
+let unlockPopupOpen = false;
+
+// Queue of pending NIP-07 requests waiting for unlock
+const pendingRequests: {
+  request: BackgroundRequestMessage;
+  resolve: (result: any) => void;
+  reject: (error: any) => void;
+}[] = [];
+
 browser.runtime.onMessage.addListener(async (message /*, sender*/) => {
   debug('Message received');
+
+  // Handle unlock request from unlock popup
+  if ((message as UnlockRequestMessage)?.type === 'unlock-request') {
+    const unlockReq = message as UnlockRequestMessage;
+    debug('Processing unlock request');
+    const result = await handleUnlockRequest(unlockReq.password);
+    const response: UnlockResponseMessage = {
+      type: 'unlock-response',
+      id: unlockReq.id,
+      success: result.success,
+      error: result.error,
+    };
+
+    if (result.success) {
+      unlockPopupOpen = false;
+      // Process any pending NIP-07 requests
+      debug(`Processing ${pendingRequests.length} pending requests`);
+      while (pendingRequests.length > 0) {
+        const pending = pendingRequests.shift()!;
+        try {
+          const pendingResult = await processNip07Request(pending.request);
+          pending.resolve(pendingResult);
+        } catch (error) {
+          pending.reject(error);
+        }
+      }
+    }
+
+    return response;
+  }
+
   const request = message as BackgroundRequestMessage | PromptResponseMessage;
   debug(request);
 
@@ -55,6 +100,32 @@ browser.runtime.onMessage.addListener(async (message /*, sender*/) => {
 
   const browserSessionData = await getBrowserSessionData();
 
+  if (!browserSessionData) {
+    // Vault is locked - open unlock popup and queue the request
+    const req = request as BackgroundRequestMessage;
+    debug('Vault locked, opening unlock popup');
+
+    if (!unlockPopupOpen) {
+      unlockPopupOpen = true;
+      await openUnlockPopup(req.host);
+    }
+
+    // Queue this request to be processed after unlock
+    return new Promise((resolve, reject) => {
+      pendingRequests.push({ request: req, resolve, reject });
+    });
+  }
+
+  // Process the NIP-07 request
+  return processNip07Request(request as BackgroundRequestMessage);
+});
+
+/**
+ * Process a NIP-07 request after vault is unlocked
+ */
+async function processNip07Request(req: BackgroundRequestMessage): Promise<any> {
+  const browserSessionData = await getBrowserSessionData();
+
   if (!browserSessionData) {
     throw new Error('Plebeian Signer vault not unlocked by the user.');
   }
@@ -67,8 +138,6 @@ browser.runtime.onMessage.addListener(async (message /*, sender*/) => {
     throw new Error('No Nostr identity available at endpoint.');
   }
 
-  const req = request as BackgroundRequestMessage;
-
   // Check reckless mode first
   const recklessApprove = await shouldRecklessModeApprove(req.host);
   debug(`recklessApprove result: ${recklessApprove}`);
@@ -212,4 +281,4 @@ browser.runtime.onMessage.addListener(async (message /*, sender*/) => {
     default:
       throw new Error(`Not supported request method '${req.method}'.`);
   }
-});
+}

projects/chrome/src/unlock.ts

@@ -0,0 +1,106 @@
+import browser from 'webextension-polyfill';
+
+export interface UnlockRequestMessage {
+  type: 'unlock-request';
+  id: string;
+  password: string;
+}
+
+export interface UnlockResponseMessage {
+  type: 'unlock-response';
+  id: string;
+  success: boolean;
+  error?: string;
+}
+
+const params = new URLSearchParams(location.search);
+const id = params.get('id') as string;
+const host = params.get('host');
+
+// Elements
+const passwordInput = document.getElementById('passwordInput') as HTMLInputElement;
+const togglePasswordBtn = document.getElementById('togglePassword');
+const unlockBtn = document.getElementById('unlockBtn') as HTMLButtonElement;
+const derivingOverlay = document.getElementById('derivingOverlay');
+const errorAlert = document.getElementById('errorAlert');
+const errorMessage = document.getElementById('errorMessage');
+const hostInfo = document.getElementById('hostInfo');
+const hostSpan = document.getElementById('hostSpan');
+
+// Show host info if available
+if (host && hostInfo && hostSpan) {
+  hostSpan.innerText = host;
+  hostInfo.classList.remove('hidden');
+}
+
+// Toggle password visibility
+togglePasswordBtn?.addEventListener('click', () => {
+  if (passwordInput.type === 'password') {
+    passwordInput.type = 'text';
+    togglePasswordBtn.innerHTML = '<i class="bi bi-eye-slash"></i>';
+  } else {
+    passwordInput.type = 'password';
+    togglePasswordBtn.innerHTML = '<i class="bi bi-eye"></i>';
+  }
+});
+
+// Enable/disable unlock button based on password input
+passwordInput?.addEventListener('input', () => {
+  unlockBtn.disabled = !passwordInput.value;
+});
+
+// Handle enter key
+passwordInput?.addEventListener('keyup', (e) => {
+  if (e.key === 'Enter' && passwordInput.value) {
+    attemptUnlock();
+  }
+});
+
+// Handle unlock button click
+unlockBtn?.addEventListener('click', attemptUnlock);
+
+async function attemptUnlock() {
+  if (!passwordInput?.value) return;
+
+  // Show deriving overlay
+  derivingOverlay?.classList.remove('hidden');
+  errorAlert?.classList.add('hidden');
+
+  const message: UnlockRequestMessage = {
+    type: 'unlock-request',
+    id,
+    password: passwordInput.value,
+  };
+
+  try {
+    const response = await browser.runtime.sendMessage(message) as UnlockResponseMessage;
+
+    if (response.success) {
+      // Success - close the window
+      window.close();
+    } else {
+      // Failed - show error
+      derivingOverlay?.classList.add('hidden');
+      showError(response.error || 'Invalid password');
+    }
+  } catch (error) {
+    console.error('Failed to send unlock message:', error);
+    derivingOverlay?.classList.add('hidden');
+    showError('Failed to unlock vault');
+  }
+}
+
+function showError(message: string) {
+  if (errorAlert && errorMessage) {
+    errorMessage.innerText = message;
+    errorAlert.classList.remove('hidden');
+    setTimeout(() => {
+      errorAlert.classList.add('hidden');
+    }, 3000);
+  }
+}
+
+// Focus password input on load
+document.addEventListener('DOMContentLoaded', () => {
+  passwordInput?.focus();
+});

projects/chrome/tsconfig.app.json

@@ -12,7 +12,8 @@
     "src/plebian-signer-extension.ts",
     "src/plebian-signer-content-script.ts",
     "src/prompt.ts",
-    "src/options.ts"
+    "src/options.ts",
+    "src/unlock.ts"
   ],
   "include": ["src/**/*.d.ts"]
 }

projects/common/src/lib/common/nav-component.ts

@@ -1,8 +1,29 @@
 import { inject } from '@angular/core';
 import { Router } from '@angular/router';
+import { StorageService } from '../services/storage/storage.service';
+import { Buffer } from 'buffer';
+
+declare const chrome: {
+  windows: {
+    create: (options: {
+      type: string;
+      url: string;
+      width: number;
+      height: number;
+      left: number;
+      top: number;
+    }) => void;
+  };
+};
 
 export class NavComponent {
   readonly #router = inject(Router);
+  protected readonly storage = inject(StorageService);
+  devMode = false;
+
+  constructor() {
+    this.devMode = this.storage.getSignerMetaHandler().signerMetaData?.devMode ?? false;
+  }
 
   navigateBack() {
     window.history.back();
@@ -11,4 +32,32 @@ export class NavComponent {
   navigate(path: string) {
     this.#router.navigate([path]);
   }
+
+  onTestPrompt() {
+    const testEvent = {
+      kind: 1,
+      content: 'This is a test note for permission prompt preview.',
+      tags: [],
+      created_at: Math.floor(Date.now() / 1000),
+    };
+    const base64Event = Buffer.from(JSON.stringify(testEvent, null, 2)).toString('base64');
+    const currentIdentity = this.storage.getBrowserSessionHandler().browserSessionData?.identities.find(
+      i => i.id === this.storage.getBrowserSessionHandler().browserSessionData?.selectedIdentityId
+    );
+    const nick = currentIdentity?.nick ?? 'Test Identity';
+
+    const width = 375;
+    const height = 600;
+    const left = Math.round((screen.width - width) / 2);
+    const top = Math.round((screen.height - height) / 2);
+
+    chrome.windows.create({
+      type: 'popup',
+      url: `prompt.html?method=signEvent&host=example.com&id=test-${Date.now()}&nick=${encodeURIComponent(nick)}&event=${base64Event}`,
+      width,
+      height,
+      left,
+      top,
+    });
+  }
 }

projects/common/src/lib/services/storage/signer-meta-handler.ts

@@ -9,7 +9,7 @@ export abstract class SignerMetaHandler {
 
   #signerMetaData?: SignerMetaData;
 
-  readonly metaProperties = ['syncFlow', 'vaultSnapshots', 'maxBackups', 'recklessMode', 'whitelistedHosts', 'bookmarks'];
+  readonly metaProperties = ['syncFlow', 'vaultSnapshots', 'maxBackups', 'recklessMode', 'whitelistedHosts', 'bookmarks', 'devMode'];
   readonly DEFAULT_MAX_BACKUPS = 5;
   /**
    * Load the full data from the storage. If the storage is used for storing
@@ -58,6 +58,21 @@ export abstract class SignerMetaHandler {
     await this.saveFullData(this.#signerMetaData);
   }
 
+  /**
+   * Sets dev mode and immediately saves it.
+   */
+  async setDevMode(enabled: boolean): Promise<void> {
+    if (!this.#signerMetaData) {
+      this.#signerMetaData = {
+        devMode: enabled,
+      };
+    } else {
+      this.#signerMetaData.devMode = enabled;
+    }
+
+    await this.saveFullData(this.#signerMetaData);
+  }
+
   /**
    * Adds a host to the whitelist and immediately saves it.
    */

projects/common/src/lib/services/storage/types.ts

@@ -202,6 +202,9 @@ export interface SignerMetaData {
 
   // User bookmarks
   bookmarks?: Bookmark[];
+
+  // Dev mode: show test permission prompt button in settings
+  devMode?: boolean;
 }
 
 /**

projects/common/src/lib/styles/_common.scss

@@ -16,9 +16,16 @@
     letter-spacing: 0.1rem;
   }
 
-  .lock-btn {
+  .header-buttons {
     position: absolute;
     left: 0;
+    display: flex;
+    flex-direction: row;
+    align-items: center;
+  }
+
+  .lock-btn,
+  .header-btn {
     background: transparent;
     border: none;
     padding: 8px;
@@ -37,6 +44,12 @@
       font-size: 20px;
     }
   }
+
+  // For backwards compatibility with single lock-btn
+  > .lock-btn {
+    position: absolute;
+    left: 0;
+  }
 }
 
 .sam-footer-grid-2 {

projects/firefox/custom-webpack.config.ts

@@ -22,5 +22,9 @@ module.exports = {
       import: 'src/options.ts',
       runtime: false,
     },
+    unlock: {
+      import: 'src/unlock.ts',
+      runtime: false,
+    },
   },
 } as Configuration;

projects/firefox/public/manifest.json

@@ -2,7 +2,7 @@
   "manifest_version": 3,
   "name": "Plebeian Signer",
   "description": "Nostr Identity Manager & Signer",
-  "version": "1.0.9",
+  "version": "1.0.11",
   "homepage_url": "https://github.com/PlebeianApp/plebeian-signer",
   "options_page": "options.html",
   "permissions": [

projects/firefox/public/prompt.html

@@ -27,11 +27,66 @@
       .page {
         height: 100%;
         display: grid;
-        grid-template-rows: 1fr 60px;
+        grid-template-rows: 1fr auto;
         grid-template-columns: 1fr;
         overflow-y: hidden;
       }
 
+      .actions {
+        display: flex;
+        flex-direction: column;
+        gap: 8px;
+        padding: var(--size);
+        background: var(--background);
+      }
+
+      .action-row {
+        display: flex;
+        align-items: center;
+        gap: 8px;
+      }
+
+      .action-label {
+        width: 60px;
+        font-size: 13px;
+        font-weight: 500;
+        color: var(--muted-foreground);
+      }
+
+      .action-buttons {
+        display: flex;
+        gap: 8px;
+        flex: 1;
+      }
+
+      .action-buttons button {
+        flex: 1;
+        padding: 8px 12px;
+        border-radius: 6px;
+        font-size: 13px;
+        font-weight: 500;
+        cursor: pointer;
+        border: none;
+      }
+
+      .btn-reject {
+        background: var(--muted);
+        color: var(--foreground);
+      }
+
+      .btn-reject:hover {
+        background: var(--border);
+      }
+
+      .btn-accept {
+        background: var(--primary);
+        color: var(--primary-foreground);
+      }
+
+      .btn-accept:hover {
+        opacity: 0.9;
+      }
+
       .card {
         padding: var(--size);
         background: var(--background-light);
@@ -54,6 +109,12 @@
         font-size: 12px;
         color: gray;
       }
+
+      .description {
+        margin: 0;
+        text-align: center;
+        line-height: 1.5;
+      }
     </style>
   </head>
   <body>
@@ -63,64 +124,31 @@
           <span id="titleSpan" style="font-weight: 400 !important"></span>
         </div>
 
-        <span
-          class="host-INSERT sam-align-self-center sam-text-muted"
-          style="font-weight: 500"
-        ></span>
-
         <!-- Card for getPublicKey -->
         <div id="cardGetPublicKey" class="card sam-mt sam-ml sam-mr">
-          <span style="text-align: center">
-            <b><span class="host-INSERT color-primary"></span></b>
-            is requesting permission to<br />
-            <br />
-            <b class="color-primary">read your public key</b> <br />
-            <br />
-            <span>
-              for the selected identity
-              <span
-                style="font-weight: 500"
-                class="nick-INSERT color-primary"
-              ></span>
-            </span>
-          </span>
+          <p class="description">
+            <b class="host-INSERT color-primary"></b> is requesting permission to
+            <b class="color-primary">read your public key</b> for the selected identity
+            <b class="nick-INSERT color-primary"></b>.
+          </p>
         </div>
 
         <!-- Card for getRelays -->
         <div id="cardGetRelays" class="card sam-mt sam-ml sam-mr">
-          <span style="text-align: center">
-            <b><span class="host-INSERT color-primary"></span></b>
-            is requesting permission to<br />
-            <br />
-            <b class="color-primary">read your relays</b> <br />
-            <br />
-            <span>
-              for the selected identity
-              <span
-                style="font-weight: 500"
-                class="nick-INSERT color-primary"
-              ></span>
-            </span>
-          </span>
+          <p class="description">
+            <b class="host-INSERT color-primary"></b> is requesting permission to
+            <b class="color-primary">read your relays</b> for the selected identity
+            <b class="nick-INSERT color-primary"></b>.
+          </p>
         </div>
 
         <!-- Card for signEvent -->
         <div id="cardSignEvent" class="card sam-mt sam-ml sam-mr">
-          <span style="text-align: center">
-            <b><span class="host-INSERT color-primary"></span></b>
-            is requesting permission to<br />
-            <br />
-            <b class="color-primary">sign an event</b> (kind
-            <span id="kindSpan"></span>) <br />
-            <br />
-            <span>
-              for the selected identity
-              <span
-                style="font-weight: 500"
-                class="nick-INSERT color-primary"
-              ></span>
-            </span>
-          </span>
+          <p class="description">
+            <b class="host-INSERT color-primary"></b> is requesting permission to
+            <b class="color-primary">sign an event</b> (kind <span id="kindSpan"></span>)
+            for the selected identity <b class="nick-INSERT color-primary"></b>.
+          </p>
         </div>
 
         <!-- Card2 for signEvent -->
@@ -130,20 +158,11 @@
 
         <!-- Card for nip04.encrypt -->
         <div id="cardNip04Encrypt" class="card sam-mt sam-ml sam-mr">
-          <span style="text-align: center">
-            <b><span class="host-INSERT color-primary"></span></b>
-            is requesting permission to<br />
-            <br />
-            <b class="color-primary">encrypt a text</b> (NIP04) <br />
-            <br />
-            <span>
-              for the selected identity
-              <span
-                style="font-weight: 500"
-                class="nick-INSERT color-primary"
-              ></span>
-            </span>
-          </span>
+          <p class="description">
+            <b class="host-INSERT color-primary"></b> is requesting permission to
+            <b class="color-primary">encrypt a text</b> (NIP04) for the selected identity
+            <b class="nick-INSERT color-primary"></b>.
+          </p>
         </div>
 
         <!-- Card2 for nip04.encrypt -->
@@ -153,20 +172,11 @@
 
         <!-- Card for nip44.encrypt -->
         <div id="cardNip44Encrypt" class="card sam-mt sam-ml sam-mr">
-          <span style="text-align: center">
-            <b><span class="host-INSERT color-primary"></span></b>
-            is requesting permission to<br />
-            <br />
-            <b class="color-primary">encrypt a text</b> (NIP44) <br />
-            <br />
-            <span>
-              for the selected identity
-              <span
-                style="font-weight: 500"
-                class="nick-INSERT color-primary"
-              ></span>
-            </span>
-          </span>
+          <p class="description">
+            <b class="host-INSERT color-primary"></b> is requesting permission to
+            <b class="color-primary">encrypt a text</b> (NIP44) for the selected identity
+            <b class="nick-INSERT color-primary"></b>.
+          </p>
         </div>
 
         <!-- Card2 for nip44.encrypt -->
@@ -176,20 +186,11 @@
 
         <!-- Card for nip04.decrypt -->
         <div id="cardNip04Decrypt" class="card sam-mt sam-ml sam-mr">
-          <span style="text-align: center">
-            <b><span class="host-INSERT color-primary"></span></b>
-            is requesting permission to<br />
-            <br />
-            <b class="color-primary">decrypt a text</b> (NIP04) <br />
-            <br />
-            <span>
-              for the selected identity
-              <span
-                style="font-weight: 500"
-                class="nick-INSERT color-primary"
-              ></span>
-            </span>
-          </span>
+          <p class="description">
+            <b class="host-INSERT color-primary"></b> is requesting permission to
+            <b class="color-primary">decrypt a text</b> (NIP04) for the selected identity
+            <b class="nick-INSERT color-primary"></b>.
+          </p>
         </div>
 
         <!-- Card2 for nip04.decrypt -->
@@ -199,20 +200,11 @@
 
         <!-- Card for nip44.decrypt -->
         <div id="cardNip44Decrypt" class="card sam-mt sam-ml sam-mr">
-          <span style="text-align: center">
-            <b><span class="host-INSERT color-primary"></span></b>
-            is requesting permission to<br />
-            <br />
-            <b class="color-primary">decrypt a text</b> (NIP44) <br />
-            <br />
-            <span>
-              for the selected identity
-              <span
-                style="font-weight: 500"
-                class="nick-INSERT color-primary"
-              ></span>
-            </span>
-          </span>
+          <p class="description">
+            <b class="host-INSERT color-primary"></b> is requesting permission to
+            <b class="color-primary">decrypt a text</b> (NIP44) for the selected identity
+            <b class="nick-INSERT color-primary"></b>.
+          </p>
         </div>
 
         <!-- Card2 for nip44.decrypt -->
@@ -224,47 +216,20 @@
       <!------------->
       <!-- ACTIONS -->
       <!------------->
-      <div class="sam-footer-grid-2">
-        <div class="btn-group">
-          <button id="rejectOnceButton" type="button" class="btn btn-secondary">
-            Reject
-          </button>
-          <button
-            type="button"
-            class="btn btn-secondary dropdown-toggle dropdown-toggle-split"
-            data-bs-toggle="dropdown"
-            aria-expanded="false"
-          >
-            <span class="visually-hidden">Toggle Dropdown</span>
-          </button>
-          <ul class="dropdown-menu dropdown-menu-end">
-            <li>
-              <button id="rejectAlwaysButton" class="dropdown-item">
-                Reject Always
-              </button>
-            </li>
-          </ul>
+      <div class="actions">
+        <div class="action-row">
+          <span class="action-label">Reject</span>
+          <div class="action-buttons">
+            <button id="rejectOnceButton" type="button" class="btn-reject">Once</button>
+            <button id="rejectAlwaysButton" type="button" class="btn-reject">Always</button>
+          </div>
         </div>
-
-        <div class="btn-group">
-          <button id="approveAlwaysButton" type="button" class="btn btn-primary">
-            Approve Always
-          </button>
-          <button
-            type="button"
-            class="btn btn-primary dropdown-toggle dropdown-toggle-split"
-            data-bs-toggle="dropdown"
-            aria-expanded="false"
-          >
-            <span class="visually-hidden">Toggle Dropdown</span>
-          </button>
-          <ul class="dropdown-menu">
-            <li>
-              <button id="approveOnceButton" class="dropdown-item">
-                Approve Once
-              </button>
-            </li>
-          </ul>
+        <div class="action-row">
+          <span class="action-label">Accept</span>
+          <div class="action-buttons">
+            <button id="approveOnceButton" type="button" class="btn-accept">Once</button>
+            <button id="approveAlwaysButton" type="button" class="btn-accept">Always</button>
+          </div>
         </div>
       </div>
     </div>

projects/firefox/public/unlock.html

@@ -0,0 +1,245 @@
+<!DOCTYPE html>
+
+<html>
+  <head>
+    <title>Plebeian Signer - Unlock</title>
+    <link rel="stylesheet" type="text/css" href="styles.css" />
+    <script src="scripts.js"></script>
+    <style>
+      /* Prevent white flash on load */
+      html { background-color: #0a0a0a; }
+      @media (prefers-color-scheme: light) {
+        html { background-color: #ffffff; }
+      }
+
+      body {
+        background: var(--background);
+        height: 100vh;
+        width: 100vw;
+        color: var(--foreground);
+        font-size: 16px;
+        margin: 0;
+        display: flex;
+        flex-direction: column;
+      }
+
+      .color-primary {
+        color: var(--primary);
+      }
+
+      .page {
+        height: 100%;
+        display: flex;
+        flex-direction: column;
+        padding: var(--size);
+        box-sizing: border-box;
+      }
+
+      .header {
+        text-align: center;
+        font-size: 1.25rem;
+        font-weight: 500;
+        padding: var(--size) 0;
+      }
+
+      .content {
+        flex: 1;
+        display: flex;
+        flex-direction: column;
+        justify-content: center;
+        align-items: center;
+        gap: 16px;
+      }
+
+      .logo-frame {
+        border: 2px solid var(--secondary);
+        border-radius: 100%;
+        padding: 0;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+      }
+
+      .logo-frame img {
+        display: block;
+      }
+
+      .input-group {
+        width: 100%;
+        max-width: 280px;
+        display: flex;
+      }
+
+      .input-group input {
+        flex: 1;
+        padding: 10px 12px;
+        border: 1px solid var(--border);
+        border-right: none;
+        border-radius: 6px 0 0 6px;
+        background: var(--background);
+        color: var(--foreground);
+        font-size: 14px;
+      }
+
+      .input-group input:focus {
+        outline: none;
+        border-color: var(--primary);
+      }
+
+      .input-group button {
+        padding: 10px 12px;
+        border: 1px solid var(--border);
+        border-radius: 0 6px 6px 0;
+        background: var(--background-light);
+        color: var(--muted-foreground);
+        cursor: pointer;
+      }
+
+      .input-group button:hover {
+        background: var(--muted);
+      }
+
+      .unlock-btn {
+        width: 100%;
+        max-width: 280px;
+        padding: 10px 16px;
+        border: none;
+        border-radius: 6px;
+        background: var(--primary);
+        color: var(--primary-foreground);
+        font-size: 14px;
+        font-weight: 500;
+        cursor: pointer;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        gap: 8px;
+      }
+
+      .unlock-btn:hover:not(:disabled) {
+        opacity: 0.9;
+      }
+
+      .unlock-btn:disabled {
+        opacity: 0.5;
+        cursor: not-allowed;
+      }
+
+      .alert {
+        position: fixed;
+        bottom: var(--size);
+        left: 50%;
+        transform: translateX(-50%);
+        padding: 10px 16px;
+        border-radius: 6px;
+        font-size: 14px;
+        display: flex;
+        align-items: center;
+        gap: 8px;
+      }
+
+      .alert-danger {
+        background: var(--destructive);
+        color: var(--destructive-foreground);
+      }
+
+      .hidden {
+        display: none !important;
+      }
+
+      .deriving-overlay {
+        position: fixed;
+        top: 0;
+        left: 0;
+        right: 0;
+        bottom: 0;
+        background: rgba(0, 0, 0, 0.8);
+        display: flex;
+        flex-direction: column;
+        align-items: center;
+        justify-content: center;
+        gap: 16px;
+        z-index: 1000;
+      }
+
+      .spinner {
+        width: 40px;
+        height: 40px;
+        border: 3px solid var(--muted);
+        border-top-color: var(--primary);
+        border-radius: 50%;
+        animation: spin 1s linear infinite;
+      }
+
+      @keyframes spin {
+        to { transform: rotate(360deg); }
+      }
+
+      .deriving-text {
+        color: var(--foreground);
+        font-size: 14px;
+      }
+
+      .host-info {
+        text-align: center;
+        font-size: 13px;
+        color: var(--muted-foreground);
+        margin-top: 8px;
+      }
+
+      .host-name {
+        color: var(--primary);
+        font-weight: 500;
+      }
+    </style>
+  </head>
+  <body>
+    <div class="page">
+      <div class="header">
+        <span class="brand">Plebeian Signer</span>
+      </div>
+
+      <div class="content">
+        <div class="logo-frame">
+          <img src="logo.svg" height="100" width="100" alt="" />
+        </div>
+
+        <div id="hostInfo" class="host-info hidden">
+          <span class="host-name" id="hostSpan"></span><br>
+          is requesting access
+        </div>
+
+        <div class="input-group sam-mt">
+          <input
+            id="passwordInput"
+            type="password"
+            placeholder="vault password"
+            autocomplete="current-password"
+          />
+          <button id="togglePassword" type="button">
+            <i class="bi bi-eye"></i>
+          </button>
+        </div>
+
+        <button id="unlockBtn" type="button" class="unlock-btn" disabled>
+          <i class="bi bi-box-arrow-in-right"></i>
+          <span>Unlock</span>
+        </button>
+      </div>
+    </div>
+
+    <!-- Deriving overlay -->
+    <div id="derivingOverlay" class="deriving-overlay hidden">
+      <div class="spinner"></div>
+      <div class="deriving-text">Unlocking vault...</div>
+    </div>
+
+    <!-- Error alert -->
+    <div id="errorAlert" class="alert alert-danger hidden">
+      <i class="bi bi-exclamation-triangle"></i>
+      <span id="errorMessage">Invalid password</span>
+    </div>
+
+    <script src="unlock.js"></script>
+  </body>
+</html>

projects/firefox/src/app/components/home/backups/backups.component.html

@@ -1,7 +1,14 @@
 <div class="sam-text-header">
-  <button class="lock-btn" title="Lock" (click)="onClickLock()">
-    <span class="emoji">🔒</span>
-  </button>
+  <div class="header-buttons">
+    <button class="header-btn" title="Lock" (click)="onClickLock()">
+      <span class="emoji">🔒</span>
+    </button>
+    @if (devMode) {
+      <button class="header-btn" title="Test Permission Prompt" (click)="onTestPrompt()">
+        <span class="emoji">✨</span>
+      </button>
+    }
+  </div>
   <button class="back-btn" title="Go Back" (click)="goBack()">
     <span class="emoji">←</span>
   </button>

projects/firefox/src/app/components/home/backups/backups.component.ts

@@ -3,9 +3,9 @@ import { Router } from '@angular/router';
 import {
   ConfirmComponent,
   LoggerService,
+  NavComponent,
   SignerMetaData_VaultSnapshot,
   StartupService,
-  StorageService,
 } from '@common';
 import { getNewStorageServiceConfig } from '../../../common/data/get-new-storage-service-config';
 
@@ -15,9 +15,8 @@ import { getNewStorageServiceConfig } from '../../../common/data/get-new-storage
   styleUrl: './backups.component.scss',
   imports: [ConfirmComponent],
 })
-export class BackupsComponent implements OnInit {
+export class BackupsComponent extends NavComponent implements OnInit {
   readonly #router = inject(Router);
-  readonly #storage = inject(StorageService);
   readonly #startup = inject(StartupService);
   readonly #logger = inject(LoggerService);
 
@@ -27,11 +26,11 @@ export class BackupsComponent implements OnInit {
 
   ngOnInit(): void {
     this.loadBackups();
-    this.maxBackups = this.#storage.getSignerMetaHandler().getMaxBackups();
+    this.maxBackups = this.storage.getSignerMetaHandler().getMaxBackups();
   }
 
   loadBackups(): void {
-    this.backups = this.#storage.getSignerMetaHandler().getBackups();
+    this.backups = this.storage.getSignerMetaHandler().getBackups();
   }
 
   async onMaxBackupsChange(event: Event): Promise<void> {
@@ -39,14 +38,14 @@ export class BackupsComponent implements OnInit {
     const value = parseInt(input.value, 10);
     if (!isNaN(value) && value >= 1 && value <= 20) {
       this.maxBackups = value;
-      await this.#storage.getSignerMetaHandler().setMaxBackups(value);
+      await this.storage.getSignerMetaHandler().setMaxBackups(value);
     }
   }
 
   async createManualBackup(): Promise<void> {
-    const browserSyncData = this.#storage.getBrowserSyncHandler().browserSyncData;
+    const browserSyncData = this.storage.getBrowserSyncHandler().browserSyncData;
     if (browserSyncData) {
-      await this.#storage.getSignerMetaHandler().createBackup(browserSyncData, 'manual');
+      await this.storage.getSignerMetaHandler().createBackup(browserSyncData, 'manual');
       this.loadBackups();
     }
   }
@@ -55,22 +54,22 @@ export class BackupsComponent implements OnInit {
     this.restoringBackupId = backupId;
     try {
       // First, create a pre-restore backup of current state
-      const currentData = this.#storage.getBrowserSyncHandler().browserSyncData;
+      const currentData = this.storage.getBrowserSyncHandler().browserSyncData;
       if (currentData) {
-        await this.#storage.getSignerMetaHandler().createBackup(currentData, 'pre-restore');
+        await this.storage.getSignerMetaHandler().createBackup(currentData, 'pre-restore');
       }
 
       // Get the backup data
-      const backupData = this.#storage.getSignerMetaHandler().getBackupData(backupId);
+      const backupData = this.storage.getSignerMetaHandler().getBackupData(backupId);
       if (!backupData) {
         throw new Error('Backup not found');
       }
 
       // Import the backup
-      await this.#storage.deleteVault(true);
-      await this.#storage.importVault(backupData);
+      await this.storage.deleteVault(true);
+      await this.storage.importVault(backupData);
       this.#logger.logVaultImport('Backup Restore');
-      this.#storage.isInitialized = false;
+      this.storage.isInitialized = false;
       this.#startup.startOver(getNewStorageServiceConfig());
     } catch (error) {
       console.error('Failed to restore backup:', error);
@@ -79,7 +78,7 @@ export class BackupsComponent implements OnInit {
   }
 
   async deleteBackup(backupId: string): Promise<void> {
-    await this.#storage.getSignerMetaHandler().deleteBackup(backupId);
+    await this.storage.getSignerMetaHandler().deleteBackup(backupId);
     this.loadBackups();
   }
 
@@ -120,7 +119,7 @@ export class BackupsComponent implements OnInit {
 
   async onClickLock(): Promise<void> {
     this.#logger.logVaultLock();
-    await this.#storage.lockVault();
+    await this.storage.lockVault();
     this.#router.navigateByUrl('/vault-login');
   }
 }

projects/firefox/src/app/components/home/bookmarks/bookmarks.component.html

@@ -1,9 +1,16 @@
 <!-- eslint-disable @angular-eslint/template/interactive-supports-focus -->
 <!-- eslint-disable @angular-eslint/template/click-events-have-key-events -->
 <div class="sam-text-header">
-  <button class="lock-btn" title="Lock" (click)="onClickLock()">
-    <span class="emoji">🔒</span>
-  </button>
+  <div class="header-buttons">
+    <button class="header-btn" title="Lock" (click)="onClickLock()">
+      <span class="emoji">🔒</span>
+    </button>
+    @if (devMode) {
+      <button class="header-btn" title="Test Permission Prompt" (click)="onTestPrompt()">
+        <span class="emoji">✨</span>
+      </button>
+    }
+  </div>
   <span>Bookmarks</span>
   <button class="add-btn" title="Bookmark This Page" (click)="onBookmarkThisPage()">
     <span class="emoji">➕</span>

projects/firefox/src/app/components/home/bookmarks/bookmarks.component.ts

@@ -1,6 +1,6 @@
 import { Component, inject, OnInit } from '@angular/core';
 import { Router } from '@angular/router';
-import { Bookmark, LoggerService, SignerMetaData, StorageService } from '@common';
+import { Bookmark, LoggerService, NavComponent, SignerMetaData } from '@common';
 import { FirefoxMetaHandler } from '../../../common/data/firefox-meta-handler';
 import browser from 'webextension-polyfill';
 
@@ -10,10 +10,9 @@ import browser from 'webextension-polyfill';
   styleUrl: './bookmarks.component.scss',
   imports: [],
 })
-export class BookmarksComponent implements OnInit {
+export class BookmarksComponent extends NavComponent implements OnInit {
   readonly #logger = inject(LoggerService);
   readonly #metaHandler = new FirefoxMetaHandler();
-  readonly #storage = inject(StorageService);
   readonly #router = inject(Router);
 
   bookmarks: Bookmark[] = [];
@@ -94,7 +93,7 @@ export class BookmarksComponent implements OnInit {
 
   async onClickLock() {
     this.#logger.logVaultLock();
-    await this.#storage.lockVault();
+    await this.storage.lockVault();
     this.#router.navigateByUrl('/vault-login');
   }
 }

projects/firefox/src/app/components/home/identities/identities.component.html

@@ -1,9 +1,16 @@
 <!-- eslint-disable @angular-eslint/template/interactive-supports-focus -->
 <!-- eslint-disable @angular-eslint/template/click-events-have-key-events -->
 <div class="custom-header" style="position: sticky; top: 0">
-  <button class="lock-btn" title="Lock" (click)="onClickLock()">
-    <span class="emoji">🔒</span>
-  </button>
+  <div class="header-buttons">
+    <button class="header-btn" title="Lock" (click)="onClickLock()">
+      <span class="emoji">🔒</span>
+    </button>
+    @if (devMode) {
+      <button class="header-btn" title="Test Permission Prompt" (click)="onTestPrompt()">
+        <span class="emoji">✨</span>
+      </button>
+    }
+  </div>
   <span class="text">Identities</span>
 
   <button class="add-btn" title="New Identity" (click)="onClickNewIdentity()">

projects/firefox/src/app/components/home/identities/identities.component.scss

@@ -19,9 +19,16 @@
     background: var(--background);
     position: relative;
 
-    .lock-btn,
-    .add-btn {
+    .header-buttons {
       position: absolute;
+      left: 0;
+      display: flex;
+      flex-direction: row;
+      align-items: center;
+    }
+
+    .header-btn,
+    .add-btn {
       background: transparent;
       border: none;
       padding: 8px;
@@ -41,11 +48,8 @@
       }
     }
 
-    .lock-btn {
-      left: 0;
-    }
-
     .add-btn {
+      position: absolute;
       right: 0;
     }
 

projects/firefox/src/app/components/home/identities/identities.component.ts

@@ -4,6 +4,7 @@ import {
   IconButtonComponent,
   Identity_DECRYPTED,
   LoggerService,
+  NavComponent,
   NostrHelper,
   ProfileMetadata,
   ProfileMetadataService,
@@ -17,8 +18,8 @@ import {
   templateUrl: './identities.component.html',
   styleUrl: './identities.component.scss',
 })
-export class IdentitiesComponent implements OnInit {
-  readonly storage = inject(StorageService);
+export class IdentitiesComponent extends NavComponent implements OnInit {
+  override readonly storage = inject(StorageService);
   readonly #router = inject(Router);
   readonly #profileMetadata = inject(ProfileMetadataService);
   readonly #logger = inject(LoggerService);

projects/firefox/src/app/components/home/identity/identity.component.html

@@ -1,9 +1,16 @@
 <!-- eslint-disable @angular-eslint/template/interactive-supports-focus -->
 <!-- eslint-disable @angular-eslint/template/click-events-have-key-events -->
 <div class="sam-text-header">
-  <button class="lock-btn" title="Lock" (click)="onClickLock()">
-    <span class="emoji">🔒</span>
-  </button>
+  <div class="header-buttons">
+    <button class="header-btn" title="Lock" (click)="onClickLock()">
+      <span class="emoji">🔒</span>
+    </button>
+    @if (devMode) {
+      <button class="header-btn" title="Test Permission Prompt" (click)="onTestPrompt()">
+        <span class="emoji">✨</span>
+      </button>
+    }
+  </div>
   <span>You</span>
   <button class="edit-btn" title="Edit profile" (click)="onClickEditProfile()">
     <span class="emoji">📝</span>

projects/firefox/src/app/components/home/identity/identity.component.ts

@@ -3,11 +3,11 @@ import { Router } from '@angular/router';
 import {
   Identity_DECRYPTED,
   LoggerService,
+  NavComponent,
   NostrHelper,
   ProfileMetadata,
   ProfileMetadataService,
   PubkeyComponent,
-  StorageService,
   ToastComponent,
   VisualNip05Pipe,
   validateNip05,
@@ -19,7 +19,7 @@ import {
   templateUrl: './identity.component.html',
   styleUrl: './identity.component.scss',
 })
-export class IdentityComponent implements OnInit {
+export class IdentityComponent extends NavComponent implements OnInit {
   selectedIdentity: Identity_DECRYPTED | undefined;
   selectedIdentityNpub: string | undefined;
   profile: ProfileMetadata | null = null;
@@ -27,7 +27,6 @@ export class IdentityComponent implements OnInit {
   validating = false;
   loading = true;
 
-  readonly #storage = inject(StorageService);
   readonly #router = inject(Router);
   readonly #profileMetadata = inject(ProfileMetadataService);
   readonly #logger = inject(LoggerService);
@@ -82,17 +81,17 @@ export class IdentityComponent implements OnInit {
 
   async onClickLock() {
     this.#logger.logVaultLock();
-    await this.#storage.lockVault();
+    await this.storage.lockVault();
     this.#router.navigateByUrl('/vault-login');
   }
 
   async #loadData() {
     try {
       const selectedIdentityId =
-        this.#storage.getBrowserSessionHandler().browserSessionData
+        this.storage.getBrowserSessionHandler().browserSessionData
           ?.selectedIdentityId ?? null;
 
-      const identity = this.#storage
+      const identity = this.storage
         .getBrowserSessionHandler()
         .browserSessionData?.identities.find(
           (x) => x.id === selectedIdentityId

projects/firefox/src/app/components/home/info/info.component.html

@@ -1,7 +1,14 @@
 <div class="sam-text-header">
-  <button class="lock-btn" title="Lock" (click)="onClickLock()">
-    <span class="emoji">🔒</span>
-  </button>
+  <div class="header-buttons">
+    <button class="header-btn" title="Lock" (click)="onClickLock()">
+      <span class="emoji">🔒</span>
+    </button>
+    @if (devMode) {
+      <button class="header-btn" title="Test Permission Prompt" (click)="onTestPrompt()">
+        <span class="emoji">✨</span>
+      </button>
+    }
+  </div>
   <span> Plebeian Signer </span>
 </div>
 

projects/firefox/src/app/components/home/info/info.component.ts

@@ -1,6 +1,6 @@
 import { Component, inject } from '@angular/core';
 import { Router } from '@angular/router';
-import { LoggerService, StorageService } from '@common';
+import { LoggerService, NavComponent } from '@common';
 import packageJson from '../../../../../../../package.json';
 
 @Component({
@@ -8,16 +8,15 @@ import packageJson from '../../../../../../../package.json';
   templateUrl: './info.component.html',
   styleUrl: './info.component.scss',
 })
-export class InfoComponent {
+export class InfoComponent extends NavComponent {
   readonly #logger = inject(LoggerService);
-  readonly #storage = inject(StorageService);
   readonly #router = inject(Router);
 
   version = packageJson.custom.firefox.version;
 
   async onClickLock() {
     this.#logger.logVaultLock();
-    await this.#storage.lockVault();
+    await this.storage.lockVault();
     this.#router.navigateByUrl('/vault-login');
   }
 }

projects/firefox/src/app/components/home/logs/logs.component.html

@@ -1,7 +1,14 @@
 <div class="sam-text-header">
-  <button class="lock-btn" title="Lock" (click)="onClickLock()">
-    <span class="emoji">🔒</span>
-  </button>
+  <div class="header-buttons">
+    <button class="header-btn" title="Lock" (click)="onClickLock()">
+      <span class="emoji">🔒</span>
+    </button>
+    @if (devMode) {
+      <button class="header-btn" title="Test Permission Prompt" (click)="onTestPrompt()">
+        <span class="emoji">✨</span>
+      </button>
+    }
+  </div>
   <span>Logs</span>
   <div class="logs-actions">
     <button class="btn btn-sm btn-secondary" title="Refresh logs" (click)="onRefresh()">Refresh</button>

projects/firefox/src/app/components/home/logs/logs.component.ts

@@ -1,6 +1,6 @@
 import { Component, inject, OnInit } from '@angular/core';
 import { Router } from '@angular/router';
-import { LoggerService, LogEntry, StorageService } from '@common';
+import { LoggerService, LogEntry, NavComponent } from '@common';
 import { DatePipe } from '@angular/common';
 
 @Component({
@@ -9,9 +9,8 @@ import { DatePipe } from '@angular/common';
   styleUrl: './logs.component.scss',
   imports: [DatePipe],
 })
-export class LogsComponent implements OnInit {
+export class LogsComponent extends NavComponent implements OnInit {
   readonly #logger = inject(LoggerService);
-  readonly #storage = inject(StorageService);
   readonly #router = inject(Router);
 
   get logs(): LogEntry[] {
@@ -46,7 +45,7 @@ export class LogsComponent implements OnInit {
 
   async onClickLock() {
     this.#logger.logVaultLock();
-    await this.#storage.lockVault();
+    await this.storage.lockVault();
     this.#router.navigateByUrl('/vault-login');
   }
 }

projects/firefox/src/app/components/home/settings/settings.component.html

@@ -1,10 +1,39 @@
 <div class="sam-text-header">
-  <button class="lock-btn" title="Lock" (click)="onClickLock()">
-    <span class="emoji">🔒</span>
-  </button>
+  <div class="header-buttons">
+    <button class="header-btn" title="Lock" (click)="onClickLock()">
+      <span class="emoji">🔒</span>
+    </button>
+    @if (devMode) {
+      <button class="header-btn" title="Test Permission Prompt" (click)="onTestPrompt()">
+        <span class="emoji">✨</span>
+      </button>
+    }
+  </div>
   <span> Settings </span>
 </div>
 
+<div class="vault-buttons">
+  <button class="btn btn-primary" (click)="onClickExportVault()">
+    Export Vault
+  </button>
+  <button class="btn btn-primary" (click)="navigate('/vault-import')">
+    Import Vault
+  </button>
+</div>
+
+<lib-nav-item text="💾 Backups" (click)="navigate('/home/backups')"></lib-nav-item>
+<lib-nav-item text="🪵 Logs" (click)="navigate('/home/logs')"></lib-nav-item>
+<lib-nav-item text="💡 Info" (click)="navigate('/home/info')"></lib-nav-item>
+
+<div class="dev-mode-row">
+  <label class="toggle-label">
+    <input type="checkbox" [checked]="devMode" (change)="onToggleDevMode($event)" />
+    <span>Dev Mode</span>
+  </label>
+</div>
+
+<div class="sam-flex-grow"></div>
+
 <div class="sync-info">
   <span class="sync-label">SYNC: {{ syncFlow }}</span>
   <p class="sync-note">
@@ -13,25 +42,11 @@
   </p>
 </div>
 
-<button class="btn btn-primary" (click)="onClickExportVault()">
-  Export Vault
-</button>
-
-<button class="btn btn-primary" (click)="navigate('/vault-import')">
-  Import Vault
-</button>
-
-<lib-nav-item text="💾 Backups" (click)="navigate('/home/backups')"></lib-nav-item>
-<lib-nav-item text="🪵 Logs" (click)="navigate('/home/logs')"></lib-nav-item>
-<lib-nav-item text="💡 Info" (click)="navigate('/home/info')"></lib-nav-item>
-
-<div class="sam-flex-grow"></div>
-
 <button
   class="btn btn-danger"
   (click)="
     confirm.show(
-      'Do you really want to reset your extension? All data will be lost.',
+      'Do you really want to reset your extension? Every data will be lost.',
       onResetExtension.bind(this)
     )
   "

projects/firefox/src/app/components/home/settings/settings.component.scss

@@ -16,6 +16,35 @@
   }
 }
 
+.vault-buttons {
+  display: flex;
+  gap: var(--size);
+
+  button {
+    flex: 1;
+  }
+}
+
+.dev-mode-row {
+  display: flex;
+  align-items: center;
+  gap: var(--size);
+
+  .toggle-label {
+    display: flex;
+    align-items: center;
+    gap: var(--size-h);
+    cursor: pointer;
+    font-size: 0.9rem;
+
+    input[type="checkbox"] {
+      width: 16px;
+      height: 16px;
+      cursor: pointer;
+    }
+  }
+}
+
 .sync-info {
   .sync-label {
     display: block;

projects/firefox/src/app/components/home/settings/settings.component.ts

@@ -11,6 +11,8 @@ import {
   StorageService,
 } from '@common';
 import { getNewStorageServiceConfig } from '../../../common/data/get-new-storage-service-config';
+import { Buffer } from 'buffer';
+import browser from 'webextension-polyfill';
 
 @Component({
   selector: 'app-settings',
@@ -21,6 +23,7 @@ import { getNewStorageServiceConfig } from '../../../common/data/get-new-storage
 export class SettingsComponent extends NavComponent implements OnInit {
   readonly #router = inject(Router);
   syncFlow: string | undefined;
+  override devMode = false;
 
   readonly #storage = inject(StorageService);
   readonly #startup = inject(StartupService);
@@ -44,6 +47,44 @@ export class SettingsComponent extends NavComponent implements OnInit {
       default:
         break;
     }
+
+    // Load dev mode setting
+    this.devMode = this.#storage.getSignerMetaHandler().signerMetaData?.devMode ?? false;
+  }
+
+  async onToggleDevMode(event: Event) {
+    const checked = (event.target as HTMLInputElement).checked;
+    this.devMode = checked;
+    await this.#storage.getSignerMetaHandler().setDevMode(checked);
+  }
+
+  override async onTestPrompt() {
+    // Open a test permission prompt window
+    const testEvent = {
+      kind: 1,
+      content: 'This is a test note for permission prompt preview.',
+      tags: [],
+      created_at: Math.floor(Date.now() / 1000),
+    };
+    const base64Event = Buffer.from(JSON.stringify(testEvent, null, 2)).toString('base64');
+    const currentIdentity = this.#storage.getBrowserSessionHandler().browserSessionData?.identities.find(
+      i => i.id === this.#storage.getBrowserSessionHandler().browserSessionData?.selectedIdentityId
+    );
+    const nick = currentIdentity?.nick ?? 'Test Identity';
+
+    const width = 375;
+    const height = 600;
+    const left = Math.round((screen.width - width) / 2);
+    const top = Math.round((screen.height - height) / 2);
+
+    browser.windows.create({
+      type: 'popup',
+      url: `prompt.html?method=signEvent&host=example.com&id=test-${Date.now()}&nick=${encodeURIComponent(nick)}&event=${base64Event}`,
+      width,
+      height,
+      left,
+      top,
+    });
   }
 
   async onResetExtension() {

projects/firefox/src/app/components/home/wallet/wallet.component.html

@@ -1,7 +1,14 @@
 <div class="sam-text-header">
-  <button class="lock-btn" title="Lock" (click)="onClickLock()">
-    <span class="emoji">🔒</span>
-  </button>
+  <div class="header-buttons">
+    <button class="header-btn" title="Lock" (click)="onClickLock()">
+      <span class="emoji">🔒</span>
+    </button>
+    @if (devMode) {
+      <button class="header-btn" title="Test Permission Prompt" (click)="onTestPrompt()">
+        <span class="emoji">✨</span>
+      </button>
+    }
+  </div>
   @if (showBackButton) {
     <button class="back-btn" title="Go Back" (click)="goBack()">
       <span class="emoji">←</span>

projects/firefox/src/app/components/home/wallet/wallet.component.ts

@@ -4,7 +4,7 @@ import { FormsModule } from '@angular/forms';
 import { CommonModule } from '@angular/common';
 import {
   LoggerService,
-  StorageService,
+  NavComponent,
   NwcService,
   NwcConnection_DECRYPTED,
   CashuService,
@@ -35,9 +35,8 @@ type WalletSection =
   styleUrl: './wallet.component.scss',
   imports: [CommonModule, FormsModule],
 })
-export class WalletComponent implements OnInit, OnDestroy {
+export class WalletComponent extends NavComponent implements OnInit, OnDestroy {
   readonly #logger = inject(LoggerService);
-  readonly #storage = inject(StorageService);
   readonly #router = inject(Router);
   readonly nwcService = inject(NwcService);
   readonly cashuService = inject(CashuService);
@@ -195,7 +194,7 @@ export class WalletComponent implements OnInit, OnDestroy {
 
   ngOnInit(): void {
     // Load current sync flow setting
-    this.currentSyncFlow = this.#storage.getSyncFlow();
+    this.currentSyncFlow = this.storage.getSyncFlow();
 
     // Refresh balances on init if we have connections
     if (this.connections.length > 0) {
@@ -937,7 +936,7 @@ export class WalletComponent implements OnInit, OnDestroy {
 
   async onClickLock() {
     this.#logger.logVaultLock();
-    await this.#storage.lockVault();
+    await this.storage.lockVault();
     this.#router.navigateByUrl('/vault-login');
   }
 

projects/firefox/src/app/components/whitelisted-apps/whitelisted-apps.component.ts

@@ -18,7 +18,7 @@ export class WhitelistedAppsComponent extends NavComponent {
   @ViewChild('toast') toast!: ToastComponent;
   @ViewChild('confirm') confirm!: ConfirmComponent;
 
-  readonly storage = inject(StorageService);
+  override readonly storage = inject(StorageService);
   readonly #router = inject(Router);
 
   get whitelistedHosts(): string[] {

projects/firefox/src/background-common.ts

@@ -6,16 +6,38 @@ import {
   CryptoHelper,
   SignerMetaData,
   Identity_DECRYPTED,
+  Identity_ENCRYPTED,
   Nip07Method,
   Nip07MethodPolicy,
   NostrHelper,
   Permission_DECRYPTED,
   Permission_ENCRYPTED,
+  Relay_DECRYPTED,
+  Relay_ENCRYPTED,
+  NwcConnection_DECRYPTED,
+  NwcConnection_ENCRYPTED,
+  CashuMint_DECRYPTED,
+  CashuMint_ENCRYPTED,
+  deriveKeyArgon2,
 } from '@common';
-import { Event, EventTemplate, finalizeEvent, nip04, nip44 } from 'nostr-tools';
 import { FirefoxMetaHandler } from './app/common/data/firefox-meta-handler';
-import browser from 'webextension-polyfill';
+import { Event, EventTemplate, finalizeEvent, nip04, nip44 } from 'nostr-tools';
 import { Buffer } from 'buffer';
+import browser from 'webextension-polyfill';
+
+// Unlock request/response message types
+export interface UnlockRequestMessage {
+  type: 'unlock-request';
+  id: string;
+  password: string;
+}
+
+export interface UnlockResponseMessage {
+  type: 'unlock-response';
+  id: string;
+  success: boolean;
+  error?: string;
+}
 
 export const debug = function (message: any) {
   const dateString = new Date().toISOString();
@@ -96,13 +118,9 @@ export const getBrowserSyncData = async function (): Promise<
   let browserSyncData: BrowserSyncData | undefined;
 
   if (signerMetaData.syncFlow === BrowserSyncFlow.NO_SYNC) {
-    browserSyncData = (await browser.storage.local.get(
-      null
-    )) as unknown as BrowserSyncData;
+    browserSyncData = (await browser.storage.local.get(null)) as unknown as BrowserSyncData;
   } else if (signerMetaData.syncFlow === BrowserSyncFlow.BROWSER_SYNC) {
-    browserSyncData = (await browser.storage.sync.get(
-      null
-    )) as unknown as BrowserSyncData;
+    browserSyncData = (await browser.storage.sync.get(null)) as unknown as BrowserSyncData;
   }
 
   return browserSyncData;
@@ -377,3 +395,352 @@ const encrypt = async function (
   // v1: Use password with PBKDF2
   return await CryptoHelper.encrypt(value, sessionData.iv, sessionData.vaultPassword!);
 };
+
+// ==========================================
+// Unlock Vault Logic (for background script)
+// ==========================================
+
+/**
+ * Decrypt a value using AES-GCM with pre-derived key (v2)
+ */
+async function decryptV2(
+  encryptedBase64: string,
+  ivBase64: string,
+  keyBase64: string
+): Promise<string> {
+  const keyBytes = Buffer.from(keyBase64, 'base64');
+  const iv = Buffer.from(ivBase64, 'base64');
+  const cipherText = Buffer.from(encryptedBase64, 'base64');
+
+  const key = await crypto.subtle.importKey(
+    'raw',
+    keyBytes,
+    { name: 'AES-GCM' },
+    false,
+    ['decrypt']
+  );
+
+  const decrypted = await crypto.subtle.decrypt(
+    { name: 'AES-GCM', iv },
+    key,
+    cipherText
+  );
+
+  return new TextDecoder().decode(decrypted);
+}
+
+/**
+ * Decrypt a value using PBKDF2 (v1)
+ */
+async function decryptV1(
+  encryptedBase64: string,
+  ivBase64: string,
+  password: string
+): Promise<string> {
+  return CryptoHelper.decrypt(encryptedBase64, ivBase64, password);
+}
+
+/**
+ * Generic decrypt function that handles both v1 and v2
+ */
+async function decryptValue(
+  encrypted: string,
+  iv: string,
+  keyOrPassword: string,
+  isV2: boolean
+): Promise<string> {
+  if (isV2) {
+    return decryptV2(encrypted, iv, keyOrPassword);
+  }
+  return decryptV1(encrypted, iv, keyOrPassword);
+}
+
+/**
+ * Parse decrypted value to the desired type
+ */
+function parseValue(value: string, type: 'string' | 'number' | 'boolean'): any {
+  switch (type) {
+    case 'number':
+      return parseInt(value);
+    case 'boolean':
+      return value === 'true';
+    default:
+      return value;
+  }
+}
+
+/**
+ * Decrypt an identity
+ */
+async function decryptIdentity(
+  identity: Identity_ENCRYPTED,
+  iv: string,
+  keyOrPassword: string,
+  isV2: boolean
+): Promise<Identity_DECRYPTED> {
+  return {
+    id: await decryptValue(identity.id, iv, keyOrPassword, isV2),
+    nick: await decryptValue(identity.nick, iv, keyOrPassword, isV2),
+    createdAt: await decryptValue(identity.createdAt, iv, keyOrPassword, isV2),
+    privkey: await decryptValue(identity.privkey, iv, keyOrPassword, isV2),
+  };
+}
+
+/**
+ * Decrypt a permission
+ */
+async function decryptPermission(
+  permission: Permission_ENCRYPTED,
+  iv: string,
+  keyOrPassword: string,
+  isV2: boolean
+): Promise<Permission_DECRYPTED> {
+  const decrypted: Permission_DECRYPTED = {
+    id: await decryptValue(permission.id, iv, keyOrPassword, isV2),
+    identityId: await decryptValue(permission.identityId, iv, keyOrPassword, isV2),
+    host: await decryptValue(permission.host, iv, keyOrPassword, isV2),
+    method: await decryptValue(permission.method, iv, keyOrPassword, isV2) as Nip07Method,
+    methodPolicy: await decryptValue(permission.methodPolicy, iv, keyOrPassword, isV2) as Nip07MethodPolicy,
+  };
+  if (permission.kind) {
+    decrypted.kind = parseValue(await decryptValue(permission.kind, iv, keyOrPassword, isV2), 'number');
+  }
+  return decrypted;
+}
+
+/**
+ * Decrypt a relay
+ */
+async function decryptRelay(
+  relay: Relay_ENCRYPTED,
+  iv: string,
+  keyOrPassword: string,
+  isV2: boolean
+): Promise<Relay_DECRYPTED> {
+  return {
+    id: await decryptValue(relay.id, iv, keyOrPassword, isV2),
+    identityId: await decryptValue(relay.identityId, iv, keyOrPassword, isV2),
+    url: await decryptValue(relay.url, iv, keyOrPassword, isV2),
+    read: parseValue(await decryptValue(relay.read, iv, keyOrPassword, isV2), 'boolean'),
+    write: parseValue(await decryptValue(relay.write, iv, keyOrPassword, isV2), 'boolean'),
+  };
+}
+
+/**
+ * Decrypt an NWC connection
+ */
+async function decryptNwcConnection(
+  nwc: NwcConnection_ENCRYPTED,
+  iv: string,
+  keyOrPassword: string,
+  isV2: boolean
+): Promise<NwcConnection_DECRYPTED> {
+  const decrypted: NwcConnection_DECRYPTED = {
+    id: await decryptValue(nwc.id, iv, keyOrPassword, isV2),
+    name: await decryptValue(nwc.name, iv, keyOrPassword, isV2),
+    connectionUrl: await decryptValue(nwc.connectionUrl, iv, keyOrPassword, isV2),
+    walletPubkey: await decryptValue(nwc.walletPubkey, iv, keyOrPassword, isV2),
+    relayUrl: await decryptValue(nwc.relayUrl, iv, keyOrPassword, isV2),
+    secret: await decryptValue(nwc.secret, iv, keyOrPassword, isV2),
+    createdAt: await decryptValue(nwc.createdAt, iv, keyOrPassword, isV2),
+  };
+  if (nwc.lud16) {
+    decrypted.lud16 = await decryptValue(nwc.lud16, iv, keyOrPassword, isV2);
+  }
+  if (nwc.cachedBalance) {
+    decrypted.cachedBalance = parseValue(await decryptValue(nwc.cachedBalance, iv, keyOrPassword, isV2), 'number');
+  }
+  if (nwc.cachedBalanceAt) {
+    decrypted.cachedBalanceAt = await decryptValue(nwc.cachedBalanceAt, iv, keyOrPassword, isV2);
+  }
+  return decrypted;
+}
+
+/**
+ * Decrypt a Cashu mint
+ */
+async function decryptCashuMint(
+  mint: CashuMint_ENCRYPTED,
+  iv: string,
+  keyOrPassword: string,
+  isV2: boolean
+): Promise<CashuMint_DECRYPTED> {
+  const proofsJson = await decryptValue(mint.proofs, iv, keyOrPassword, isV2);
+  const decrypted: CashuMint_DECRYPTED = {
+    id: await decryptValue(mint.id, iv, keyOrPassword, isV2),
+    name: await decryptValue(mint.name, iv, keyOrPassword, isV2),
+    mintUrl: await decryptValue(mint.mintUrl, iv, keyOrPassword, isV2),
+    unit: await decryptValue(mint.unit, iv, keyOrPassword, isV2),
+    createdAt: await decryptValue(mint.createdAt, iv, keyOrPassword, isV2),
+    proofs: JSON.parse(proofsJson),
+  };
+  if (mint.cachedBalance) {
+    decrypted.cachedBalance = parseValue(await decryptValue(mint.cachedBalance, iv, keyOrPassword, isV2), 'number');
+  }
+  if (mint.cachedBalanceAt) {
+    decrypted.cachedBalanceAt = await decryptValue(mint.cachedBalanceAt, iv, keyOrPassword, isV2);
+  }
+  return decrypted;
+}
+
+/**
+ * Handle an unlock request from the unlock popup
+ */
+export async function handleUnlockRequest(
+  password: string
+): Promise<{ success: boolean; error?: string }> {
+  try {
+    debug('handleUnlockRequest: Starting unlock...');
+
+    // Check if already unlocked
+    const existingSession = await getBrowserSessionData();
+    if (existingSession) {
+      debug('handleUnlockRequest: Already unlocked');
+      return { success: true };
+    }
+
+    // Get sync data
+    const browserSyncData = await getBrowserSyncData();
+    if (!browserSyncData) {
+      return { success: false, error: 'No vault data found' };
+    }
+
+    // Verify password
+    const passwordHash = await CryptoHelper.hash(password);
+    if (passwordHash !== browserSyncData.vaultHash) {
+      return { success: false, error: 'Invalid password' };
+    }
+    debug('handleUnlockRequest: Password verified');
+
+    // Detect vault version
+    const isV2 = !!browserSyncData.salt;
+    debug(`handleUnlockRequest: Vault version: ${isV2 ? 'v2' : 'v1'}`);
+
+    let keyOrPassword: string;
+    let vaultKey: string | undefined;
+    let vaultPassword: string | undefined;
+
+    if (isV2) {
+      // v2: Derive key with Argon2id (~3 seconds)
+      debug('handleUnlockRequest: Deriving Argon2id key...');
+      const saltBytes = Buffer.from(browserSyncData.salt!, 'base64');
+      const keyBytes = await deriveKeyArgon2(password, saltBytes);
+      vaultKey = Buffer.from(keyBytes).toString('base64');
+      keyOrPassword = vaultKey;
+      debug('handleUnlockRequest: Key derived');
+    } else {
+      // v1: Use password directly
+      vaultPassword = password;
+      keyOrPassword = password;
+    }
+
+    // Decrypt identities
+    debug('handleUnlockRequest: Decrypting identities...');
+    const decryptedIdentities: Identity_DECRYPTED[] = [];
+    for (const identity of browserSyncData.identities) {
+      const decrypted = await decryptIdentity(identity, browserSyncData.iv, keyOrPassword, isV2);
+      decryptedIdentities.push(decrypted);
+    }
+    debug(`handleUnlockRequest: Decrypted ${decryptedIdentities.length} identities`);
+
+    // Decrypt permissions
+    debug('handleUnlockRequest: Decrypting permissions...');
+    const decryptedPermissions: Permission_DECRYPTED[] = [];
+    for (const permission of browserSyncData.permissions) {
+      try {
+        const decrypted = await decryptPermission(permission, browserSyncData.iv, keyOrPassword, isV2);
+        decryptedPermissions.push(decrypted);
+      } catch (e) {
+        debug(`handleUnlockRequest: Skipping corrupted permission: ${e}`);
+      }
+    }
+    debug(`handleUnlockRequest: Decrypted ${decryptedPermissions.length} permissions`);
+
+    // Decrypt relays
+    debug('handleUnlockRequest: Decrypting relays...');
+    const decryptedRelays: Relay_DECRYPTED[] = [];
+    for (const relay of browserSyncData.relays) {
+      const decrypted = await decryptRelay(relay, browserSyncData.iv, keyOrPassword, isV2);
+      decryptedRelays.push(decrypted);
+    }
+    debug(`handleUnlockRequest: Decrypted ${decryptedRelays.length} relays`);
+
+    // Decrypt NWC connections
+    debug('handleUnlockRequest: Decrypting NWC connections...');
+    const decryptedNwcConnections: NwcConnection_DECRYPTED[] = [];
+    for (const nwc of browserSyncData.nwcConnections ?? []) {
+      const decrypted = await decryptNwcConnection(nwc, browserSyncData.iv, keyOrPassword, isV2);
+      decryptedNwcConnections.push(decrypted);
+    }
+    debug(`handleUnlockRequest: Decrypted ${decryptedNwcConnections.length} NWC connections`);
+
+    // Decrypt Cashu mints
+    debug('handleUnlockRequest: Decrypting Cashu mints...');
+    const decryptedCashuMints: CashuMint_DECRYPTED[] = [];
+    for (const mint of browserSyncData.cashuMints ?? []) {
+      const decrypted = await decryptCashuMint(mint, browserSyncData.iv, keyOrPassword, isV2);
+      decryptedCashuMints.push(decrypted);
+    }
+    debug(`handleUnlockRequest: Decrypted ${decryptedCashuMints.length} Cashu mints`);
+
+    // Decrypt selectedIdentityId
+    let decryptedSelectedIdentityId: string | null = null;
+    if (browserSyncData.selectedIdentityId !== null) {
+      decryptedSelectedIdentityId = await decryptValue(
+        browserSyncData.selectedIdentityId,
+        browserSyncData.iv,
+        keyOrPassword,
+        isV2
+      );
+    }
+    debug(`handleUnlockRequest: selectedIdentityId: ${decryptedSelectedIdentityId}`);
+
+    // Build session data
+    const browserSessionData: BrowserSessionData = {
+      vaultPassword: isV2 ? undefined : vaultPassword,
+      vaultKey: isV2 ? vaultKey : undefined,
+      iv: browserSyncData.iv,
+      salt: browserSyncData.salt,
+      permissions: decryptedPermissions,
+      identities: decryptedIdentities,
+      selectedIdentityId: decryptedSelectedIdentityId,
+      relays: decryptedRelays,
+      nwcConnections: decryptedNwcConnections,
+      cashuMints: decryptedCashuMints,
+    };
+
+    // Save session data
+    debug('handleUnlockRequest: Saving session data...');
+    await browser.storage.session.set(browserSessionData as unknown as Record<string, unknown>);
+    debug('handleUnlockRequest: Unlock complete!');
+
+    return { success: true };
+  } catch (error: any) {
+    debug(`handleUnlockRequest: Error: ${error.message}`);
+    return { success: false, error: error.message || 'Unlock failed' };
+  }
+}
+
+/**
+ * Open the unlock popup window
+ */
+export async function openUnlockPopup(host?: string): Promise<void> {
+  const width = 375;
+  const height = 500;
+  const { top, left } = await getPosition(width, height);
+
+  const id = crypto.randomUUID();
+  let url = `unlock.html?id=${id}`;
+  if (host) {
+    url += `&host=${encodeURIComponent(host)}`;
+  }
+
+  await browser.windows.create({
+    type: 'popup',
+    url,
+    height,
+    width,
+    top,
+    left,
+  });
+}

projects/firefox/src/background.ts

@@ -10,15 +10,19 @@ import {
   debug,
   getBrowserSessionData,
   getPosition,
+  handleUnlockRequest,
   nip04Decrypt,
   nip04Encrypt,
   nip44Decrypt,
   nip44Encrypt,
+  openUnlockPopup,
   PromptResponse,
   PromptResponseMessage,
   shouldRecklessModeApprove,
   signEvent,
   storePermission,
+  UnlockRequestMessage,
+  UnlockResponseMessage,
 } from './background-common';
 import browser from 'webextension-polyfill';
 import { Buffer } from 'buffer';
@@ -33,8 +37,49 @@ const openPrompts = new Map<
   }
 >();
 
+// Track if unlock popup is already open
+let unlockPopupOpen = false;
+
+// Queue of pending NIP-07 requests waiting for unlock
+const pendingRequests: {
+  request: BackgroundRequestMessage;
+  resolve: (result: any) => void;
+  reject: (error: any) => void;
+}[] = [];
+
 browser.runtime.onMessage.addListener(async (message /*, sender*/) => {
   debug('Message received');
+
+  // Handle unlock request from unlock popup
+  if ((message as UnlockRequestMessage)?.type === 'unlock-request') {
+    const unlockReq = message as UnlockRequestMessage;
+    debug('Processing unlock request');
+    const result = await handleUnlockRequest(unlockReq.password);
+    const response: UnlockResponseMessage = {
+      type: 'unlock-response',
+      id: unlockReq.id,
+      success: result.success,
+      error: result.error,
+    };
+
+    if (result.success) {
+      unlockPopupOpen = false;
+      // Process any pending NIP-07 requests
+      debug(`Processing ${pendingRequests.length} pending requests`);
+      while (pendingRequests.length > 0) {
+        const pending = pendingRequests.shift()!;
+        try {
+          const pendingResult = await processNip07Request(pending.request);
+          pending.resolve(pendingResult);
+        } catch (error) {
+          pending.reject(error);
+        }
+      }
+    }
+
+    return response;
+  }
+
   const request = message as BackgroundRequestMessage | PromptResponseMessage;
   debug(request);
 
@@ -55,6 +100,32 @@ browser.runtime.onMessage.addListener(async (message /*, sender*/) => {
 
   const browserSessionData = await getBrowserSessionData();
 
+  if (!browserSessionData) {
+    // Vault is locked - open unlock popup and queue the request
+    const req = request as BackgroundRequestMessage;
+    debug('Vault locked, opening unlock popup');
+
+    if (!unlockPopupOpen) {
+      unlockPopupOpen = true;
+      await openUnlockPopup(req.host);
+    }
+
+    // Queue this request to be processed after unlock
+    return new Promise((resolve, reject) => {
+      pendingRequests.push({ request: req, resolve, reject });
+    });
+  }
+
+  // Process the NIP-07 request
+  return processNip07Request(request as BackgroundRequestMessage);
+});
+
+/**
+ * Process a NIP-07 request after vault is unlocked
+ */
+async function processNip07Request(req: BackgroundRequestMessage): Promise<any> {
+  const browserSessionData = await getBrowserSessionData();
+
   if (!browserSessionData) {
     throw new Error('Plebeian Signer vault not unlocked by the user.');
   }
@@ -67,8 +138,6 @@ browser.runtime.onMessage.addListener(async (message /*, sender*/) => {
     throw new Error('No Nostr identity available at endpoint.');
   }
 
-  const req = request as BackgroundRequestMessage;
-
   // Check reckless mode first
   const recklessApprove = await shouldRecklessModeApprove(req.host);
   debug(`recklessApprove result: ${recklessApprove}`);
@@ -212,4 +281,4 @@ browser.runtime.onMessage.addListener(async (message /*, sender*/) => {
     default:
       throw new Error(`Not supported request method '${req.method}'.`);
   }
-});
+}

projects/firefox/src/unlock.ts

@@ -0,0 +1,106 @@
+import browser from 'webextension-polyfill';
+
+export interface UnlockRequestMessage {
+  type: 'unlock-request';
+  id: string;
+  password: string;
+}
+
+export interface UnlockResponseMessage {
+  type: 'unlock-response';
+  id: string;
+  success: boolean;
+  error?: string;
+}
+
+const params = new URLSearchParams(location.search);
+const id = params.get('id') as string;
+const host = params.get('host');
+
+// Elements
+const passwordInput = document.getElementById('passwordInput') as HTMLInputElement;
+const togglePasswordBtn = document.getElementById('togglePassword');
+const unlockBtn = document.getElementById('unlockBtn') as HTMLButtonElement;
+const derivingOverlay = document.getElementById('derivingOverlay');
+const errorAlert = document.getElementById('errorAlert');
+const errorMessage = document.getElementById('errorMessage');
+const hostInfo = document.getElementById('hostInfo');
+const hostSpan = document.getElementById('hostSpan');
+
+// Show host info if available
+if (host && hostInfo && hostSpan) {
+  hostSpan.innerText = host;
+  hostInfo.classList.remove('hidden');
+}
+
+// Toggle password visibility
+togglePasswordBtn?.addEventListener('click', () => {
+  if (passwordInput.type === 'password') {
+    passwordInput.type = 'text';
+    togglePasswordBtn.innerHTML = '<i class="bi bi-eye-slash"></i>';
+  } else {
+    passwordInput.type = 'password';
+    togglePasswordBtn.innerHTML = '<i class="bi bi-eye"></i>';
+  }
+});
+
+// Enable/disable unlock button based on password input
+passwordInput?.addEventListener('input', () => {
+  unlockBtn.disabled = !passwordInput.value;
+});
+
+// Handle enter key
+passwordInput?.addEventListener('keyup', (e) => {
+  if (e.key === 'Enter' && passwordInput.value) {
+    attemptUnlock();
+  }
+});
+
+// Handle unlock button click
+unlockBtn?.addEventListener('click', attemptUnlock);
+
+async function attemptUnlock() {
+  if (!passwordInput?.value) return;
+
+  // Show deriving overlay
+  derivingOverlay?.classList.remove('hidden');
+  errorAlert?.classList.add('hidden');
+
+  const message: UnlockRequestMessage = {
+    type: 'unlock-request',
+    id,
+    password: passwordInput.value,
+  };
+
+  try {
+    const response = await browser.runtime.sendMessage(message) as UnlockResponseMessage;
+
+    if (response.success) {
+      // Success - close the window
+      window.close();
+    } else {
+      // Failed - show error
+      derivingOverlay?.classList.add('hidden');
+      showError(response.error || 'Invalid password');
+    }
+  } catch (error) {
+    console.error('Failed to send unlock message:', error);
+    derivingOverlay?.classList.add('hidden');
+    showError('Failed to unlock vault');
+  }
+}
+
+function showError(message: string) {
+  if (errorAlert && errorMessage) {
+    errorMessage.innerText = message;
+    errorAlert.classList.remove('hidden');
+    setTimeout(() => {
+      errorAlert.classList.add('hidden');
+    }, 3000);
+  }
+}
+
+// Focus password input on load
+document.addEventListener('DOMContentLoaded', () => {
+  passwordInput?.focus();
+});

projects/firefox/tsconfig.app.json

@@ -12,7 +12,8 @@
     "src/plebian-signer-extension.ts",
     "src/plebian-signer-content-script.ts",
     "src/prompt.ts",
-    "src/options.ts"
+    "src/options.ts",
+    "src/unlock.ts"
   ],
   "include": ["src/**/*.d.ts"]
 }